diff --git a/common/certificate_type.h b/common/certificate_type.h deleted file mode 100644 index b63a639..0000000 --- a/common/certificate_type.h +++ /dev/null @@ -1,22 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2017 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -#ifndef COMMON_CERTIFICATE_TYPE_H_ -#define COMMON_CERTIFICATE_TYPE_H_ - -namespace widevine { - -enum CertificateType { - kCertificateTypeTesting, - kCertificateTypeDevelopment, - kCertificateTypeProduction, -}; - -} // namespace widevine - -#endif // COMMON_CERTIFICATE_TYPE_H_ diff --git a/common/status.h b/common/status.h deleted file mode 100644 index 0f44f62..0000000 --- a/common/status.h +++ /dev/null @@ -1,109 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2017 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -#ifndef COMMON_STATUS_H_ -#define COMMON_STATUS_H_ - -#include -#include - -#include "util/error_space.h" - -namespace widevine { -namespace error { - -enum StatusCode { - // Success. - OK = 0, - - // Client specified an invalid argument. - INVALID_ARGUMENT = 3, - - // Some requested entity (e.g., file or directory) was not found. - NOT_FOUND = 5, - - // Some entity that we attempted to create (e.g., file or directory) - // already exists. - ALREADY_EXISTS = 6, - - // The caller does not have permission to execute the specified - // operation. PERMISSION_DENIED must not be used for rejections - // caused by exhausting some resource (use RESOURCE_EXHAUSTED - // instead for those errors). - PERMISSION_DENIED = 7, - - // Operation is not implemented or not supported/enabled in this service. - UNIMPLEMENTED = 12, - - // Internal errors. Means some invariants expected by underlying - // system has been broken. If you see one of these errors, - // something is very broken. - INTERNAL = 13, - - // Operation is not implemented or not supported/enabled in this service. - UNAVAILABLE = 14, - - // Number of generic (non license related) errors. - NUM_ERRORS, -}; - -} // namespace error - -class Status { - public: - - Status() = default; - - ~Status() = default; - - explicit Status(error::StatusCode c) : status_code_(c) {} - - Status(error::StatusCode c, const std::string& error_message) - : status_code_(c), error_message_(error_message) {} - - Status(const util::ErrorSpace* e, error::StatusCode c, - const std::string& error_message) - : error_space_(e), status_code_(c), error_message_(error_message) {} - - Status(const util::ErrorSpace* e, int error, const std::string& error_message) - : error_space_(e), status_code_(error), error_message_(error_message) {} - - bool ok() const { return status_code_ == error::OK; } - const util::ErrorSpace* error_space() const { return error_space_; } - static const util::ErrorSpace* canonical_space(); - std::string ToString() const; - std::string error_message() const { return error_message_; } - int error_code() const { return status_code_; } - - private: - const util::ErrorSpace* error_space_ = canonical_space(); - int status_code_ = error::OK; - std::string error_message_; -}; - -inline Status OkStatus() { return Status(); } - -inline bool operator==(const Status& s1, const Status& s2) { - return s1.error_space() == s2.error_space() && - s1.error_code() == s2.error_code() && - s1.error_message() == s2.error_message(); -} -inline bool operator!=(const Status& s1, const Status& s2) { - return !(s1 == s2); -} - - -// Prints a human-readable representation of 'x' to 'os'. -std::ostream& operator<<(std::ostream& os, const Status& x); - -#define CHECK_OK(expression) CHECK(expression.ok()) << expression.ToString() - - -} // namespace widevine - -#endif // COMMON_STATUS_H_ diff --git a/example/wvpl_cas_proxy_environment_example b/example/wvpl_cas_proxy_environment_example deleted file mode 100644 index 946fce4..0000000 Binary files a/example/wvpl_cas_proxy_environment_example and /dev/null differ diff --git a/example/wvpl_cas_proxy_environment_example.cc b/example/wvpl_cas_proxy_environment_example.cc deleted file mode 100644 index f6fe475..0000000 --- a/example/wvpl_cas_proxy_environment_example.cc +++ /dev/null @@ -1,145 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2019 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -// Example of usage of wvpl_cas_proxy_environment. - -#include -#include -#include - -#include "media_cas_proxy_sdk/external/common/wvpl/wvpl_cas_proxy_environment.h" -#include "media_cas_proxy_sdk/external/common/wvpl/wvpl_cas_proxy_session.h" - -using widevine_server::wv_pl_sdk::WvPLCASProxySession; -using widevine_server::wv_pl_sdk::WvPLStatus; - -namespace { -const char kValidRequestFromCdm[] = - "080712b90b0a840b080112ed090aae02080212108b8832fb7921b3e65419c6112f96d1" - "ce18e4edd4e105228e023082010a0282010100a729e70e43515708819fe6c62f9fc26e" - "a9f2300bd5cca79131b46997cc2822a8479a58ea287b7dceada6b77290cd0df3f7a98b" - "d4e91907631bfc4065afe93b08f95a5799f7391252de6a3d0a0e502dc116c0e0853c87" - "5e5ebff843858c322f2c06017d423981a7a41070ff8eae0c2ac135491187eb227907b1" - "185ecb76cd3f26eb0259a3e6c177c35ade2c07aa243d29599e251a6ab4dbb9bea00112" - "7bd39765bd40a1bb23b883b10ab829adde17311b90295059570936f0ee5ec6bdaba0be" - "07adbff30505537c67f1004daf469e6d760024f6f07095687fde35a62651b504beeaca" - "79282ce83001a914fdd9eface7e6d15959abee536b3c4cb53e573b39128d0203010001" - "2899201280023231afb3b643ea7db3095fdca3fe8df49e299d2b19fe9da7ab5f286ef2" - "17a08226bd0d530e9683fbb78edecca7d8bc3f1f9ac03a53a8d48029c0f490a6af301b" - "da27316e5920409a5a889acba49539d1d92c0b784b181da114f3bb45edbc7bba7cddfa" - "6e599500e92f8c0dd11ecebebb80fec73273d5c620bf30b30c0be1a90f1b86ea913497" - "39d961b589ce1b1b83d31e135e489b752a32431ad1bd6e8b6986dbd0c98073872b5349" - "11fc8ebfa528c62f6969b6d4b5079a640b02fa5989cccac708d4130e4686020f8b50f9" - "ea38f82424293555f82fc920ad33f41398b532fe01e28b50f76d35349835328714969b" - "ab67f68eb3cc30aac5d271fff3e1b1c9621ab6050ab00208011210084d60bc65937db6" - "ac7f992b41ecf5f218a2d38a8c05228e023082010a0282010100991b357bb714decac1" - "e70eaa36d1d0834df24a3d10369f90a22734a3ad4aebccfc2432bdd6dcd1ffd75699ba" - "5608c4457972d27c47abcff8c88cd9900938260b8c85795327b2aef3a1db27e8b96203" - "9284d602c6a74c6a143a67be64a16a1c8f44fafadac242ceb6d8ade9c4d4542ebd3ee9" - "d2a0a71eb7a4ccf916e02f26793b0c13a4921c3eed49c5c96cd455598ede040ce472b0" - "15a9af3cda82c49792aa7f6bbfbf4667293b44ec7429c39a038911ce1fe462c35e95c2" - "64d363343c3adb944fa2aabdba0fb61c402797585f3dfb796f6ce1dcf3b79c9887be98" - "1470ecbcb048e59e564fc3ad2c4b860f70aa468fb66c4a2847eec755ade89bd6225740" - "c9a502030100012899203001128003212de141c13057c1987218dd7fbc2dc9f84c82f9" - "1f5b163d0370c7069387c70c90c3060f0504573c6e0bd3acb984fc3ab7b221a77d3733" - "324d670a9a5eea64691d5666a9b67dd367803cd5753bd75ea7239bec0c008297695771" - "ce203c60898d4f264ad55d3d01c96f66d6fb6c53d1928a60ad040d7d48e9c83d6849c2" - "48e45c0f95bbb8cd0b1feee4458c5c60ab0d52e1fb0f8ee98766af9cf93307578657e8" - "00f1a4ed3f6a00e8951b2158f45cfcc2f7e5e5cc3d7f04ea2be34aa8dd49ebd78c618c" - "1404e308257e502aac8df00d52a8985301bfe5e6e784d77b0bc52c935a8b183fb5afed" - "25a5855a77fcf2715c907611624a58b037d819857bab926bee4d560277089efb070fb3" - "f5385d1dde1e486d8f32d253de8692e3098e35b3192647e79544cf0fb28b362133e942" - "97781cf3f68960531667ee74e7026bd72137eb1ddd057834cf1dabe8d7069f88acb4b7" - "a402470f2801264bb49c3bfee24fc640a46374d6c10bc7d2b960792d11da5086ab8ccf" - "f46180c243c395d22f1a9e4f6b021a130a0c636f6d70616e795f6e616d651203777777" - "1a110a0a6d6f64656c5f6e616d6512037777771a200a0c70726f647563745f6e616d65" - "12105769646576696e6543617354657374731a260a116172636869746563747572655f" - "6e616d6512116172636869746563747572655f6e616d651a1a0a0b6465766963655f6e" - "616d65120b6465766963655f6e616d653202280e12200a1e0a1c1a0d7769646576696e" - "655f746573742209436173547346616b655802180120e4edd4e105301538d3a2fbfe02" - "1a80020570d7809a297c640bc56234cfea3687e747dcbf8e6cc326de6a1102fecc43ec" - "674c02e5c8d31109a1ac7f2cb52f44a6b2b410a6d2632bb841ead6437be510efa7c8a5" - "02de1e734e057b9ac65eec6361afaf3b71f074ff37428580067d856d4bfbecef170d11" - "d5cb631bcf31193a66156b06a16119d0d19381cd57cacb0aeb6b6e5b3e427c8117be13" - "7b662332a1a80f48e599675325b5b8afd4010f7850ba332fa78eaf0ddeef7086890cce" - "194631e3d205cb459a7e1ff11b54791ef394b74fb8a729d0104b00e17b9e05c5d42fac" - "923f98d43aedc70ab0733039eb22f35c6961e4587085a14c4a9ace1db00508843e79ee" - "ba68321b559fbdfdf04c88813cdd"; - -const char kWidevineTestProvider[] = "widevine_test"; - -static const char hex_value[256] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, - 0, // '0'..'9' - 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F' - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 11, 12, 13, - 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f' - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - -void a2b_hex(const char* a, char* b, int num) { - for (int i = 0; i < num; i++) { - b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]); - } -} - -std::string a2b_hex(const std::string& a) { - int len = a.size(); - char* b = new char[len]; - a2b_hex(a.data(), b, len); - // Binary length is half ascii length plus one byte if ascii length is odd. - std::string s(b, len / 2 + ((len % 2) ? 1 : 0)); - delete[](b); - return s; -} -} // namespace - -int main(int argc, char** argv) { - std::map config_values; - config_values["drm_certificate_type"] = "test"; - config_values["provider"] = kWidevineTestProvider; - widevine_server::wv_pl_sdk::WvPLCASProxyEnvironment environment( - config_values); - WvPLStatus status = environment.Initialize(); - if (!status.ok()) { - std::cerr << "Environment failed to initialize. Exiting." << std::endl; - exit(status.error_code()); - } - std::cout << "Environment created and initialized" << std::endl; - - WvPLCASProxySession* wvpl_cas_proxy_session = nullptr; - status = environment.CreateSession(a2b_hex(kValidRequestFromCdm), - &wvpl_cas_proxy_session); - if (!status.ok()) { - std::cerr << "Session creation failed. Exiting. Error code = " - << std::to_string(status.error_code()) << std::endl; - exit(status.error_code()); - } - std::cout << "Session created." << std::endl; - - std::string json_signed_cas_drm_request; - status = wvpl_cas_proxy_session->GenerateLicenseRequestAsJSON( - &json_signed_cas_drm_request); - if (!status.ok()) { - std::cerr << "Failed to generate license request. Exiting. Error code = " - << std::to_string(status.error_code()) << std::endl; - exit(status.error_code()); - } - std::cout - << "Request to POST over HTTP(s) to " - "https://license.uat.widevine.com/cas/getlicense/widevine_test = " - << json_signed_cas_drm_request << std::endl; - return 0; -} diff --git a/example/wvpl_cas_proxy_session_example b/example/wvpl_cas_proxy_session_example deleted file mode 100644 index 41d6545..0000000 Binary files a/example/wvpl_cas_proxy_session_example and /dev/null differ diff --git a/example/wvpl_cas_proxy_session_example.cc b/example/wvpl_cas_proxy_session_example.cc deleted file mode 100644 index cbc4814..0000000 --- a/example/wvpl_cas_proxy_session_example.cc +++ /dev/null @@ -1,23 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2019 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -// Example of usage of wvpl_cas_proxy_session. - -#include -#include - -#include "media_cas_proxy_sdk/external/common/wvpl/wvpl_cas_proxy_session.h" - -int main(int argc, char **argv) { - std::cout << "Session version: " - << widevine_server::wv_pl_sdk::WvPLCASProxySession:: - GetVersionString() - << std::endl; - - return 0; -} diff --git a/libwvpl_cas_proxy.so b/libwvpl_cas_proxy.so deleted file mode 100755 index 762cc87..0000000 Binary files a/libwvpl_cas_proxy.so and /dev/null differ diff --git a/media_cas_proxy_sdk/external/common/wvpl/wvpl_cas_proxy_environment.h b/media_cas_proxy_sdk/external/common/wvpl/wvpl_cas_proxy_environment.h deleted file mode 100644 index e5a3437..0000000 --- a/media_cas_proxy_sdk/external/common/wvpl/wvpl_cas_proxy_environment.h +++ /dev/null @@ -1,101 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2018 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -#ifndef MEDIA_CAS_PROXY_SDK_EXTERNAL_COMMON_WVPL_WVPL_CAS_PROXY_ENVIRONMENT_H_ -#define MEDIA_CAS_PROXY_SDK_EXTERNAL_COMMON_WVPL_WVPL_CAS_PROXY_ENVIRONMENT_H_ - -#include -#include "sdk/external/common/wvpl/wvpl_sdk_environment.h" - -namespace widevine_server { -namespace wv_pl_sdk { - -class WvPLCASProxySession; - -/** - * Sets up an environment for partners who are using the Widevine CAS License - * Proxy SDK. This environment *must* be successfully created in order to work - * with the SDK API. - * - * Implements the following public API: - * - CreateSession() - * - SetDeviceCertificateStatusList() - * - * Example Usage: - * map config_values; - * config_values.insert(std::make_pair(kDrmCertificateType, "prod"); - * config_values.insert(std::make_pair(kProvider, "TEST_PROVIDER"); - * config_values.insert(std::make_pair(kProviderIv, "TEST_IV")); - * config_values.insert(std::make_pair(kProviderKey, "TEST_KEY")); - * WvPLCASProxyEnvironment* wv_cas_proxy_environment = - * new WvPLCASProxyEnvironment(config_values); - * // This is the DeviceCertificateStatusList returned from a query to the - * // Widevine Certificate Provisioning Service (List API). - * std::string certificate_status_list = "TEST_CERTIFICATE_STATUS_LIST"; - * wvpl_status = wvpl_cas_proxy_environment->SetDeviceCertificateStatusList( - * certificate_status_list); - * WvPLCASProxySession** wvpl_cas_proxy_session = nullptr; - * std::string license_request_from_cdm = "TEST_LICENSE_REQUEST"; - * wvpl_status = wvpl_cas_proxy_environment->CreateSession( - * license_request_from_cdm, &wvpl_cas_proxy_session); - */ - -class WvPLCASProxyEnvironment : public WvPLSDKEnvironment { - public: - /** - * Constructor. - * - * @param config_values - */ - explicit WvPLCASProxyEnvironment( - const std::map& config_values); - - /** - * Destructor. - */ - ~WvPLCASProxyEnvironment() override; - - /** - * One-time initialization. Must be called after creating the environment. - */ - virtual WvPLStatus Initialize(); - - /** - * Creates a session for the license request from the Widevine CDM. - * - * @param license_request_from_cdm - * @param session - * - * @return WvPLStatus enumeration - */ - virtual WvPLStatus CreateSession(const std::string& cas_license_request, - WvPLCASProxySession** cas_proxy_session); - - /** - * Deletes the session - * - * @param session - */ - virtual void DestroySession(WvPLCASProxySession* cas_proxy_session) const; - - /** - * Set the certificate status list system-wide. - * |cert_list| specifies the device certificate status - * list as std::string or certificate status list response from keysmith. - * - * @param cert_list - * - * @return WvPLStatus enumeration - */ - WvPLStatus SetDeviceCertificateStatusList(const std::string& cert_list) const; -}; - -} // namespace wv_pl_sdk -} // namespace widevine_server - -#endif // MEDIA_CAS_PROXY_SDK_EXTERNAL_COMMON_WVPL_WVPL_CAS_PROXY_ENVIRONMENT_H_ diff --git a/media_cas_proxy_sdk/external/common/wvpl/wvpl_cas_proxy_session.h b/media_cas_proxy_sdk/external/common/wvpl/wvpl_cas_proxy_session.h deleted file mode 100644 index 0541db4..0000000 --- a/media_cas_proxy_sdk/external/common/wvpl/wvpl_cas_proxy_session.h +++ /dev/null @@ -1,114 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2018 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -#ifndef MEDIA_CAS_PROXY_SDK_EXTERNAL_COMMON_WVPL_WVPL_CAS_PROXY_SESSION_H_ -#define MEDIA_CAS_PROXY_SDK_EXTERNAL_COMMON_WVPL_WVPL_CAS_PROXY_SESSION_H_ - -#include -#include -#include - -#include "sdk/external/common/wvpl/wvpl_sdk_session.h" - -namespace widevine { -class CasDrmLicenseRequest; -} // namespace widevine - -namespace widevine_server { -namespace wv_pl_sdk { - -constexpr uint32_t kMajorVersion = 1; -constexpr uint32_t kMinorVersion = 1; -constexpr uint32_t kRelease = 5; - -/** - * Models a session for Widevine CAS Proxy functionality for - * communication with the Widevine License Service. The API allows a partner to - * inspect a license request and to generate a license request. - * - * Inherits the following "public" methods. - * - WvPLStatus AddKey(const WvPLKey& key); - * - const std::vector& key() const; - * - void set_policy(const WvPLPlaybackPolicy& policy); - * - const WvPLPlaybackPolicy& policy() const; - * - void set_session_init(const WvPLSessionInit& session_init); - * - const WvPLSessionInit& session_init(); - * - WvPLStatus GetPsshData(WvPLWidevinePsshData* wvpl_widevine_pssh_data) - * const; - * - WvPLStatus GetClientInfo(WvPLClientInfo* client_info) const; - * - WvPLStatus GetClientCapabilities(WvPLClientCapabilities* - * client_capabilities) const; - * - WvPLStatus GetDeviceInfo(WvPLDeviceInfo* device_info) const; - * - MessageType message_type() const; - * - * "Implements" the following "public" methods. - * - bool IsChromeCDM() const; - * - PlatformVerificationStatus VerifyPlatform(); - */ -class WvPLCASProxySession : public WvPLSDKSession { - public: - ~WvPLCASProxySession() override; - - /** - * Returns a std::string containing the version in the form - - * .. - */ - static std::string GetVersionString(); - - /** - * Returns whether the CAS license request originated from Widevine Chrome - * CDM. Since MediaCAS is part of the Android framework, this method would - * return "false" for requests from AndroidTV. - */ - bool IsChromeCDM() const override; - - /** - * Returns the enum PlatformVerificationStatus for the CAS license request - * from the Widevine CDM. Since CAS license requests do not require client - * platform verification currently, this method would return - * PLATFORM_NO_VERIFICATION. - */ - PlatformVerificationStatus VerifyPlatform() override; - - /** - * Returns license request as a JSON string. This std::string is placed in - * |license_request|, if successful. Returns OK status upon success, else an - * error status. - */ - WvPLStatus GenerateLicenseRequestAsJSON(std::string* license_request); - - /** - * Adds a key to the WvPLCasKey collection. - */ - WvPLStatus AddCasKey(const WvPLCasKey& key); - - private: - friend class WvPLCASProxyEnvironment; - friend class WvPLCASProxyEnvironmentTest; - friend class WvPLCASProxySessionTest; - - WvPLCASProxySession( - const widevine::DrmRootCertificate* drm_root_certificate, - const std::string& cas_license_request_from_cdm); - - WvPLStatus BuildCasDrmLicenseRequest( - widevine::CasDrmLicenseRequest* cas_drm_license_request); - - void set_provider(const std::string& provider) { provider_ = provider; } - - // name of the provider hosting this service. - std::string provider_; - - // holds all the WvPLCasKey objects. Used when generating a CAS License. - std::vector cas_keys_; -}; - -} // namespace wv_pl_sdk -} // namespace widevine_server - -#endif // MEDIA_CAS_PROXY_SDK_EXTERNAL_COMMON_WVPL_WVPL_CAS_PROXY_SESSION_H_ diff --git a/protos/public/BUILD b/protos/public/BUILD deleted file mode 100644 index 8d5da15..0000000 --- a/protos/public/BUILD +++ /dev/null @@ -1,282 +0,0 @@ -################################################################################ -# Copyright 2018 Google LLC. -# -# This software is licensed under the terms defined in the Widevine Master -# License Agreement. For a copy of this agreement, please contact -# widevine-licensing@google.com. -################################################################################ - -# Protocol buffer definitions for Widevine Services Proxy SDK. - -package(default_visibility = ["//visibility:public"]) - -filegroup( - name = "binary_release_files", - srcs = glob(["**"]), -) - -# TODO(user): Remove unnecessary proto targets in this file -# once cl/216707967 is submitted. -proto_library( - name = "exported_proxy_sdk_proto", - srcs = [ - "client_identification.proto", - "device_certificate_status.proto", - "drm_certificate.proto", - "errors.proto", - "sdk_stats.proto", - "license_protocol.proto", - "license_server_sdk.proto", - "provisioned_device_info.proto", - "remote_attestation.proto", - "signed_device_info.proto", - "signed_drm_certificate.proto", - "verified_media_pipeline.proto", - "widevine_pssh.proto", - "license_services.proto", - "media_cas_encryption.proto", - "media_cas_license.proto", - ], -) - -java_proto_library( - name = "exported_proxy_sdk_java_proto", - deps = [":exported_proxy_sdk_proto"], -) - -proto_library( - name = "license_services_proto", - srcs = ["license_services.proto"], - deps = [ - ":client_identification_proto", - ":license_protocol_proto", - ":license_server_sdk_proto", - ":errors_proto", - - ], -) - -cc_proto_library( - name = "license_services_cc_proto", - deps = [":license_services_proto"], -) - -java_proto_library( - name = "license_services_java_proto", - deps = [":license_services_proto"], -) - -proto_library( - name = "client_identification_proto", - srcs = ["client_identification.proto"], -) - -cc_proto_library( - name = "client_identification_cc_proto", - deps = [":client_identification_proto"], -) - -java_proto_library( - name = "client_identification_java_proto", - deps = [":client_identification_proto"], -) - -proto_library( - name = "device_certificate_status_proto", - srcs = ["device_certificate_status.proto"], - deps = [":provisioned_device_info_proto"], -) - -cc_proto_library( - name = "device_certificate_status_cc_proto", - deps = [":device_certificate_status_proto"], -) - -java_proto_library( - name = "device_certificate_status_java_proto", - deps = [":device_certificate_status_proto"], -) - -proto_library( - name = "sdk_stats_proto", - srcs = ["sdk_stats.proto"], -) - -cc_proto_library( - name = "sdk_stats_cc_proto", - deps = [":sdk_stats_proto"], -) - -java_proto_library( - name = "sdk_stats_java_proto", - deps = [":sdk_stats_proto"], -) - -proto_library( - name = "drm_certificate_proto", - srcs = ["drm_certificate.proto"], -) - -cc_proto_library( - name = "drm_certificate_cc_proto", - deps = [":drm_certificate_proto"], -) - -java_proto_library( - name = "drm_certificate_java_proto", - deps = [":drm_certificate_proto"], -) - -proto_library( - name = "errors_proto", - srcs = ["errors.proto"], -) - -cc_proto_library( - name = "errors_cc_proto", - deps = [":errors_proto"], -) - -java_proto_library( - name = "errors_java_proto", - deps = [":errors_proto"], -) - -proto_library( - name = "license_protocol_proto", - srcs = ["license_protocol.proto"], - deps = [ - ":client_identification_proto", - ":remote_attestation_proto", - ], -) - -cc_proto_library( - name = "license_protocol_cc_proto", - deps = [":license_protocol_proto"], -) - -java_proto_library( - name = "license_protocol_java_proto", - deps = [":license_protocol_proto"], -) - -proto_library( - name = "license_server_sdk_proto", - srcs = ["license_server_sdk.proto"], - deps = [":license_protocol_proto", - ":widevine_pssh_proto"], -) - -cc_proto_library( - name = "license_server_sdk_cc_proto", - deps = [":license_server_sdk_proto"], -) - -java_proto_library( - name = "license_server_sdk_java_proto", - deps = [":license_server_sdk_proto"], -) - -proto_library( - name = "provisioned_device_info_proto", - srcs = ["provisioned_device_info.proto"], -) - -cc_proto_library( - name = "provisioned_device_info_cc_proto", - deps = [":provisioned_device_info_proto"], -) - -java_proto_library( - name = "provisioned_device_info_java_proto", - deps = [":provisioned_device_info_proto"], -) - -proto_library( - name = "remote_attestation_proto", - srcs = ["remote_attestation.proto"], - deps = [":client_identification_proto"], -) - -cc_proto_library( - name = "remote_attestation_cc_proto", - deps = [":remote_attestation_proto"], -) - - -java_proto_library( - name = "remote_attestation_java_proto", - deps = [":remote_attestation_proto"], -) - -proto_library( - name = "signed_device_info_proto", - srcs = ["signed_device_info.proto"], -) - -cc_proto_library( - name = "signed_device_info_cc_proto", - deps = [":signed_device_info_proto"], -) - -proto_library( - name = "signed_drm_certificate_proto", - srcs = ["signed_drm_certificate.proto"], -) - -cc_proto_library( - name = "signed_drm_certificate_cc_proto", - deps = [":signed_drm_certificate_proto"], -) - -proto_library( - name = "verified_media_pipeline_proto", - srcs = ["verified_media_pipeline.proto"], -) - -cc_proto_library( - name = "verified_media_pipeline_cc_proto", - deps = [":verified_media_pipeline_proto"], -) - -proto_library( - name = "widevine_pssh_proto", - srcs = ["widevine_pssh.proto"], -) - -cc_proto_library( - name = "widevine_pssh_cc_proto", - deps = [":widevine_pssh_proto"], -) - -java_proto_library( - name = "widevine_pssh_java_proto", - deps = [":widevine_pssh_proto"], -) - -proto_library( - name = "media_cas_license_proto", - srcs = ["media_cas_license.proto"], - deps = [ - ":license_protocol_proto", - ":license_server_sdk_proto", - ":errors_proto", - ":media_cas_encryption_proto", - ], -) - -cc_proto_library( - name = "media_cas_license_cc_proto", - deps = [":media_cas_license_proto"], -) - -proto_library( - name = "media_cas_encryption_proto", - srcs = ["media_cas_encryption.proto"], -) - -cc_proto_library( - name = "media_cas_encryption_cc_proto", - deps = [":media_cas_encryption_proto"], -) diff --git a/protos/public/client_identification.proto b/protos/public/client_identification.proto deleted file mode 100644 index 80d4046..0000000 --- a/protos/public/client_identification.proto +++ /dev/null @@ -1,120 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2016 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -// -// Description: -// ClientIdentification messages used by provisioning and license protocols. - -syntax = "proto2"; - -package widevine; - -option java_package = "com.google.video.widevine.protos"; -option java_outer_classname = "ClientIdentificationProtos"; - -// ClientIdentification message used to authenticate the client device. -message ClientIdentification { - enum TokenType { - KEYBOX = 0; - DRM_DEVICE_CERTIFICATE = 1; - REMOTE_ATTESTATION_CERTIFICATE = 2; - OEM_DEVICE_CERTIFICATE = 3; - } - - message NameValue { - optional string name = 1; - optional string value = 2; - } - - // Capabilities which not all clients may support. Used for the license - // exchange protocol only. - message ClientCapabilities { - enum HdcpVersion { - HDCP_NONE = 0; - HDCP_V1 = 1; - HDCP_V2 = 2; - HDCP_V2_1 = 3; - HDCP_V2_2 = 4; - HDCP_V2_3 = 5; - HDCP_NO_DIGITAL_OUTPUT = 0xff; - } - - enum CertificateKeyType { - RSA_2048 = 0; - RSA_3072 = 1; - } - - enum AnalogOutputCapabilities { - ANALOG_OUTPUT_UNKNOWN = 0; - ANALOG_OUTPUT_NONE = 1; - ANALOG_OUTPUT_SUPPORTED = 2; - ANALOG_OUTPUT_SUPPORTS_CGMS_A = 3; - } - - optional bool client_token = 1 [default = false]; - optional bool session_token = 2 [default = false]; - optional bool video_resolution_constraints = 3 [default = false]; - optional HdcpVersion max_hdcp_version = 4 [default = HDCP_NONE]; - optional uint32 oem_crypto_api_version = 5; - // Client has hardware support for protecting the usage table, such as - // storing the generation number in secure memory. For Details, see: - // https://docs.google.com/document/d/1Mm8oB51SYAgry62mEuh_2OEkabikBiS61kN7HsDnh9Y/edit#heading=h.xgjl2srtytjt - optional bool anti_rollback_usage_table = 6 [default = false]; - // The client shall report |srm_version| if available. - optional uint32 srm_version = 7; - // A device may have SRM data, and report a version, but may not be capable - // of updating SRM data. - optional bool can_update_srm = 8 [default = false]; - repeated CertificateKeyType supported_certificate_key_type = 9; - optional AnalogOutputCapabilities analog_output_capabilities = 10 - [default = ANALOG_OUTPUT_UNKNOWN]; - optional bool can_disable_analog_output = 11 [default = false]; - // Clients can indicate a performance level supported by OEMCrypto. - // This will allow applications and providers to choose an appropriate - // quality of content to serve. Currently defined tiers are - // 1 (low), 2 (medium) and 3 (high). Any other value indicate that - // the resource rating is unavailable or reporting erroneous values - // for that device. For details see, - // https://docs.google.com/document/d/1wodSYK-Unj3AgTSXqujWuBCAFC00qF85G1AhfLtqdko - optional uint32 resource_rating_tier = 12 [default = 0]; - } - - // Type of factory-provisioned device root of trust. Optional. - optional TokenType type = 1 [default = KEYBOX]; - // Factory-provisioned device root of trust. Required. - optional bytes token = 2; - // Optional client information name/value pairs. - repeated NameValue client_info = 3; - // Client token generated by the content provider. Optional. - optional bytes provider_client_token = 4; - // Number of licenses received by the client to which the token above belongs. - // Only present if client_token is specified. - optional uint32 license_counter = 5; - // List of non-baseline client capabilities. - optional ClientCapabilities client_capabilities = 6; - // Serialized VmpData message. Optional. - optional bytes vmp_data = 7; -} - -// EncryptedClientIdentification message used to hold ClientIdentification -// messages encrypted for privacy purposes. -message EncryptedClientIdentification { - // Provider ID for which the ClientIdentifcation is encrypted (owner of - // service certificate). - optional string provider_id = 1; - // Serial number for the service certificate for which ClientIdentification is - // encrypted. - optional bytes service_certificate_serial_number = 2; - // Serialized ClientIdentification message, encrypted with the privacy key - // using AES-128-CBC with PKCS#5 padding. - optional bytes encrypted_client_id = 3; - // Initialization vector needed to decrypt encrypted_client_id. - optional bytes encrypted_client_id_iv = 4; - // AES-128 privacy key, encrypted with the service public key using RSA-OAEP. - optional bytes encrypted_privacy_key = 5; -} diff --git a/protos/public/device_certificate_status.proto b/protos/public/device_certificate_status.proto deleted file mode 100644 index fe18a4e..0000000 --- a/protos/public/device_certificate_status.proto +++ /dev/null @@ -1,74 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2017 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// -// -// -// Description: -// Device certificate status list object definitions. - -syntax = "proto2"; - -package widevine; - -import "protos/public/provisioned_device_info.proto"; - -option java_outer_classname = "DeviceCertificateStatusProtos"; -option java_package = "com.google.video.widevine.protos"; - -// Contains DRM and OEM certificate status and device information for a -// specific system ID. -// TODO(user): Move this to its own file. -message DeviceCertificateStatus { - enum DeprecatedStatus { - DEPRECATED_VALID = 0; - DEPRECATED_REVOKED = 1; - } - enum Status { - STATUS_UNKNOWN = 0; - STATUS_IN_TESTING = 10; // Pre-release, active device. - STATUS_RELEASED = 20; // Released, active device. - STATUS_TEST_ONLY = 30; // Development-only device. - STATUS_REVOKED = 40; // Revoked device. - } - - // Serial number of the intermediate DrmCertificate to which this - // message refers. Required. - optional bytes drm_serial_number = 1; - // Status of the certificate. Optional & deprecated in favor of |status| - // below. - optional DeprecatedStatus deprecated_status = 2 [default = DEPRECATED_VALID]; - // Device model information about the device to which the intermediate - // certificate(s) correspond. - optional ProvisionedDeviceInfo device_info = 4; - // Serial number of the OEM X.509 intermediate certificate for this type - // of device. Present only if the device is OEM-provisioned. - optional bytes oem_serial_number = 5; - // Status of the device. Optional. - optional Status status = 6 [default = STATUS_UNKNOWN]; -} - -// List of DeviceCertificateStatus. Used to propagate certificate revocation -// status and device information. -message DeviceCertificateStatusList { - // POSIX time, in seconds, when the list was created. Required. - optional uint32 creation_time_seconds = 1; - // DeviceCertificateStatus for each system ID. - repeated DeviceCertificateStatus certificate_status = 2; - // The duration for this device certificate status list in seconds. Within - // this grace period, content provider can set device certificate status list - // in the SDK. The default time is 7 days. - optional uint32 duration_time_seconds = 3; -} - -// Signed CertificateStatusList -message SignedDeviceCertificateStatusList { - // Serialized DeviceCertificateStatusList. Required. - optional bytes certificate_status_list = 1; - // Signature of certificate_status_list. Signed with root certificate private - // key using RSASSA-PSS. Required. - optional bytes signature = 2; -} diff --git a/protos/public/drm_certificate.proto b/protos/public/drm_certificate.proto deleted file mode 100644 index 0fb3ce6..0000000 --- a/protos/public/drm_certificate.proto +++ /dev/null @@ -1,61 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2017 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -// -// Description: -// DRM certificate object definition. - -syntax = "proto2"; - -package widevine; - -option java_outer_classname = "DrmCertificateProtos"; -option java_package = "com.google.video.widevine.protos"; - -// DRM certificate definition for user devices, intermediate, service, and root -// certificates. -message DrmCertificate { - enum Type { - ROOT = 0; // ProtoBestPractices: ignore. - DEVICE_MODEL = 1; - DEVICE = 2; - SERVICE = 3; - PROVISIONER = 4; - } - enum ServiceType { - UNKNOWN_SERVICE_TYPE = 0; - LICENSE_SERVER_SDK = 1; - LICENSE_SERVER_PROXY_SDK = 2; - PROVISIONING_SDK = 3; - CAS_PROXY_SDK = 4; - } - // Type of certificate. Required. - optional Type type = 1; - // 128-bit globally unique serial number of certificate. - // Value is 0 for root certificate. Required. - optional bytes serial_number = 2; - // POSIX time, in seconds, when the certificate was created. Required. - optional uint32 creation_time_seconds = 3; - // Device public key. PKCS#1 ASN.1 DER-encoded. Required. - optional bytes public_key = 4; - // Widevine system ID for the device. Required for intermediate and - // user device certificates. - optional uint32 system_id = 5; - // Deprecated field, which used to indicate whether the device was a test - // (non-production) device. The test_device field in ProvisionedDeviceInfo - // below should be observed instead. - optional bool test_device_deprecated = 6 [deprecated = true]; - // Service identifier (web origin) for the provider which owns the - // certificate. Required for service and provisioner certificates. - optional string provider_id = 7; - // This field is used only when type = SERVICE to specify which SDK uses - // service certificate. This repeated field is treated as a set. A certificate - // may be used for the specified service SDK if the appropriate ServiceType - // is specified in this field. - repeated ServiceType service_types = 8; -} diff --git a/protos/public/errors.proto b/protos/public/errors.proto deleted file mode 100644 index 60d7751..0000000 --- a/protos/public/errors.proto +++ /dev/null @@ -1,255 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2017 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// -// -// Description: -// Definitions of the common Widevine protocol errors. - -syntax = "proto2"; - -package widevine; - -option java_package = "com.google.video.widevine.protos"; - - -enum Errors { - // Attempt to parse the signed message failed. - SIGNED_MESSAGE_PARSE_ERROR = 100; - - // Attempt to parse the license request message failed. - LICENSE_REQUEST_PARSE_ERROR = 101; - - // Attempt to parse the session state message failed. - SESSION_STATE_PARSE_ERROR = 102; - - // The license request does not contain content_id. Since client_id was - // not present, content_id was expected. - MISSING_CONTENT_ID = 103; - - // The license request does not contain license_id. Since client_id was - // not present, license_id was expected. - MISSING_LICENSE_ID = 104; - - // The license request does not contain client_id. Since this is not a - // renewal, client_id was expected. - MISSING_CLIENT_ID = 105; - - // ClientCert construction failed. - INVALID_SIGNATURE = 106; - - // Session Id from the session state does not match session Id specified. - SESSION_ID_MISMATCH = 107; - - // License Id from session state does not match license Id in the renewal - // license request. - RENEWAL_LICENSE_ID_MISMATCH = 108; - - // Signing key is missing from the session state. - MISSING_RENEWAL_SIGNING_KEY = 109; - - // Signature verification failed when using the session's state signing key. - INVALID_RENEWAL_SIGNATURE = 110; - - // System Id from the keybox is not supported. - UNSUPPORTED_SYSTEM_ID = 111; - - // Error trying to encrypt. - ENCRYPT_ERROR = 112; - - // Error trying to decrypt the keybox. - KEYBOX_DECRYPT_ERROR = 113; - - // Client Id type is not expected. - INVALID_CLIENT_CERT_TYPE = 114; - - // Error usung the keybox token. Perhaps the size is less than 72 bytes. - INVALID_KEYBOX_TOKEN = 115; - - // Unable to find a preprovisionnig key based on the system Id. Perhaps the - // device was revoked. - MISSING_PRE_PROV_KEY = 116; - - // Unable to verify the token hash. - TOKEN_HASH_MISMATCH = 117; - - // Unable to create the encryption key for the initial license. - MISSING_ENCRYPTION_KEY = 118; - - // Signing key is missing from the session state. - MISSING_SIGNING_KEY = 119; - - // Serialization failed. - UNABLE_TO_SERIALIZE_SIGNED_MESSAGE = 120; - - // Serialization failed. - UNABLE_TO_SERIALIZE_SESSION_STATE = 121; - - // Client cert is missing. Perhaps an attempt to renew with content keys. - MISSING_CLIENT_CERT = 122; - - // Attempt to use GenerateSignedLicense() for license renewal containing - // content keys. - RENEWAL_WITH_CONTENT_KEYS_NOT_ALLOWED = 123; - - // Invalid Nonce, expected as a 32 bit unsigned int. - INVALID_KEY_CONTROL_NONCE = 124; - - // Invalid renewal signing key size. For protocol version 2_0, size must be 32 - // bytes. For protocol version 2_1, size must be 64 bytes. - INVALID_RENEWAL_SIGNING_KEY_SIZE = 125; - - // Invalid Device Certificate token. Perhaps the intermediate cert was - // replaced or the device cert is corrupt. Will result in re-provisioning. - INVALID_DRM_CERTIFICATE = 126; - - // Device Certificate was revoked. - DRM_DEVICE_CERTIFICATE_REVOKED = 127; - - // Device Certificate not in the certificate status list, and unknown - // devices are not allowed. - DRM_DEVICE_CERTIFICATE_UNKNOWN = 128; - - // Invalid Certificate status list. - INVALID_CERTIFICATE_STATUS_LIST = 129; - - // Expired Certificate status list. - EXPIRED_CERTIFICATE_STATUS_LIST = 130; - - // KeyControl block generation failed. - KEYCONTROL_GENERATION_ERROR = 131; - - // The device root certificate was not set. - ROOT_CERTIFICATE_NOT_SET = 132; - - // The service certificate is invalid. - INVALID_SERVICE_CERTIFICATE = 133; - - // Service certificate not found. - SERVICE_CERTIFICATE_NOT_FOUND = 134; - - // Invalid EncryptedClientIdentification message. - INVALID_ENCRYPTED_CLIENT_IDENTIFICATION = 135; - - // No service certificates have been added. - SERVICE_CERTIFICATE_NOT_SET = 136; - - // Could not process service private key. - INVALID_SERVICE_PRIVATE_KEY = 137; - - // ClientIdentification and EncryptedClientIdentification were specified. - MULTIPLE_CLIENT_ID = 138; - - // Message is a service certificate request. - SERVICE_CERTIFICATE_REQUEST_MESSAGE = 139; - - // Invalid message type - INVALID_MESSAGE_TYPE = 140; - - // Remote attestation verification failed. - REMOTE_ATTESTATION_FAILED = 141; - - // can_play = true for license RELEASE response. - INVALID_RELEASE_CAN_PLAY_VALUE = 142; - - // can_persist = false for offline license. - INVALID_OFFLINE_CAN_PERSIST = 143; - - // Session usage table entry is malformed. - INVALID_SESSION_USAGE_TABLE_ENTRY = 144; - - // Session usage table entry signature verification failed. - INVALID_SESSION_USAGE_SIGNATURE = 145; - - // The type of ContentIdentification is unrecognized - INVALID_CONTENT_ID_TYPE = 146; - - // Unknown InitData type. - UNKNOWN_INIT_DATA_TYPE = 147; - - // InitData.init_data field is missing. - MISSING_INIT_DATA = 148; - - // InitData contains invalid ISO BMFF boxes. - INVALID_CENC_INIT_DATA = 149; - - // Malformed PSSH box. - INVALID_PSSH = 150; - - // PSSH box version not supported. - UNSUPPORTED_PSSH_VERSION = 151; - - // Widevine PSSH Data malformed. - INVALID_WIDEVINE_PSSH_DATA = 152; - - // Device capabilities are too low for the specified output protection. - DEVICE_CAPABILITIES_TOO_LOW = 153; - - // Invalid master signing key size. Must be 16 bytes. - INVALID_MASTER_SIGNING_KEY_SIZE = 154; - - // Invalid signing key size. Must be 64 bytes. - INVALID_SIGNING_KEY_SIZE = 155; - - // Keybox tokens not intialized. PreProvisioning keys not loaded. - KEYBOX_TOKEN_KEYS_NOT_INITIALIZED = 156; - - // Provider Id in device certificate does not match service Id for License - // server. Check cert used when initializing with AddDrmServiceCertificate(). - PROVIDER_ID_MISMATCH = 157; - - // Certificate chain not selected. - CERT_CHAIN_NOT_SELECTED = 158; - - // Failed to read the SRM file from specified location. - INVALID_SRM_LOCATION = 159; - - // Invalid SRM file size, HDCP2 SRM file must be at least 396 bytes. - INVALID_SRM_SIZE = 160; - - // SRM file signature validation failed. - INVALID_SRM_SIGNATURE = 161; - - // Unable to find provider. - MISSING_PROVIDER = 162; - - // Unable to find group master key id. - MISSING_GROUP_MASTER_KEY_ID = 163; - - // Unable to find group master key. - MISSING_GROUP_MASTER_KEY = 164; - - // Invalid Provider session token size. Must be less than 256 bytes. - INVALID_PROVIDER_SESSION_TOKEN_SIZE = 165; - - // Failure to decrypt data with service certificate private key. - SERVICE_PRIVATE_KEY_DECRYPT_ERROR = 166; - - // Disallowed development certificate. - DEVELOPMENT_CERTIFICATE_NOT_ALLOWED = 167; - - // Invalid message. E.g. Deserialization failed. - INVALID_MESSAGE = 168; - - // Invalid key size. - INVALID_KEY_SIZE = 169; - - // Invalid method parameter. - INVALID_PARAMETER = 170; - - // Even KeyID not specified, CasEncryptionResponse.KeyInfo.KeySlot - MISSING_EVEN_KEY_ID = 171; - - // Even Key not specified, CasEncryptionResponse.KeyInfo.KeySlot - MISSING_EVEN_KEY = 172; - - // VMP verification required for this platform, however VMP data is missing. - VMP_ERROR_PLATFORM_NOT_VERIFIED = 173; - - // VMP verification failed this platform, perhaps was tampered with. - VMP_ERROR_PLATFORM_TAMPERED = 174; - -} diff --git a/protos/public/license_protocol.proto b/protos/public/license_protocol.proto deleted file mode 100644 index ba23344..0000000 --- a/protos/public/license_protocol.proto +++ /dev/null @@ -1,419 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2016 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// -// -// Description: -// Definitions of the protocol buffer messages used in the Widevine license -// exchange protocol, described in Widevine license exchange protocol document -// TODO(user): find out a right way to strip out all the doc link. - -syntax = "proto2"; - -package widevine; - -import "protos/public/client_identification.proto"; -import "protos/public/remote_attestation.proto"; - -option java_package = "com.google.video.widevine.protos"; - -// option optimize_for = LITE_RUNTIME; -enum LicenseType { - STREAMING = 1; - OFFLINE = 2; -} - -enum PlatformVerificationStatus { - // The platform is not verified. - PLATFORM_UNVERIFIED = 0; - // Tampering detected on the platform. - PLATFORM_TAMPERED = 1; - // The platform has been verified by means of software. - PLATFORM_SOFTWARE_VERIFIED = 2; - // The platform has been verified by means of hardware (e.g. secure boot). - PLATFORM_HARDWARE_VERIFIED = 3; - // Platform verification was not performed. - PLATFORM_NO_VERIFICATION = 4; - // Platform and secure storage capability have been verified by means of - // software. - PLATFORM_SECURE_STORAGE_SOFTWARE_VERIFIED = 5; -} - -// LicenseIdentification is propagated from LicenseRequest to License, -// incrementing version with each iteration. -message LicenseIdentification { - optional bytes request_id = 1; - optional bytes session_id = 2; - optional bytes purchase_id = 3; - optional LicenseType type = 4; - optional int32 version = 5; - optional bytes provider_session_token = 6; -} - -message License { - // LINT.IfChange - message Policy { - // Indicates that playback of the content is allowed. - optional bool can_play = 1 [default = false]; - - // Indicates that the license may be persisted to non-volatile - // storage for offline use. - optional bool can_persist = 2 [default = false]; - - // Indicates that renewal of this license is allowed. - optional bool can_renew = 3 [default = false]; - - // For the |*duration*| fields, playback must halt when - // license_start_time (seconds since the epoch (UTC)) + - // license_duration_seconds is exceeded. A value of 0 - // indicates that there is no limit to the duration. - - // Indicates the rental window. - optional int64 rental_duration_seconds = 4 [default = 0]; - - // Indicates the viewing window, once playback has begun. - optional int64 playback_duration_seconds = 5 [default = 0]; - - // Indicates the time window for this specific license. - optional int64 license_duration_seconds = 6 [default = 0]; - - // The |renewal*| fields only apply if |can_renew| is true. - - // The window of time, in which playback is allowed to continue while - // renewal is attempted, yet unsuccessful due to backend problems with - // the license server. - optional int64 renewal_recovery_duration_seconds = 7 [default = 0]; - - // All renewal requests for this license shall be directed to the - // specified URL. - optional string renewal_server_url = 8; - - // How many seconds after license_start_time, before renewal is first - // attempted. - optional int64 renewal_delay_seconds = 9 [default = 0]; - - // Specifies the delay in seconds between subsequent license - // renewal requests, in case of failure. - optional int64 renewal_retry_interval_seconds = 10 [default = 0]; - - // Indicates that the license shall be sent for renewal when usage is - // started. - optional bool renew_with_usage = 11 [default = false]; - - // Indicates to client that license renewal and release requests ought to - // include ClientIdentification (client_id). - optional bool always_include_client_id = 12 [default = false]; - - // Duration of grace period before playback_duration_seconds (short window) - // goes into effect. Optional. - optional int64 play_start_grace_period_seconds = 13 [default = 0]; - - // Enables "soft enforcement" of playback_duration_seconds, letting the user - // finish playback even if short window expires. Optional. - optional bool soft_enforce_playback_duration = 14 [default = false]; - } - - message KeyContainer { - enum KeyType { - SIGNING = 1; // Exactly one key of this type must appear. - CONTENT = 2; // Content key. - KEY_CONTROL = 3; // Key control block for license renewals. No key. - OPERATOR_SESSION = 4; // wrapped keys for auxiliary crypto operations. - ENTITLEMENT = 5; // Entitlement keys. - OEM_CONTENT = 6; // Partner-specific content key. - } - - // The SecurityLevel enumeration allows the server to communicate the level - // of robustness required by the client, in order to use the key. - enum SecurityLevel { - // Software-based whitebox crypto is required. - SW_SECURE_CRYPTO = 1; - - // Software crypto and an obfuscated decoder is required. - SW_SECURE_DECODE = 2; - - // The key material and crypto operations must be performed within a - // hardware backed trusted execution environment. - HW_SECURE_CRYPTO = 3; - - // The crypto and decoding of content must be performed within a hardware - // backed trusted execution environment. - HW_SECURE_DECODE = 4; - - // The crypto, decoding and all handling of the media (compressed and - // uncompressed) must be handled within a hardware backed trusted - // execution environment. - HW_SECURE_ALL = 5; - } - - message KeyControl { - // If present, the key control must be communicated to the secure - // environment prior to any usage. This message is automatically generated - // by the Widevine License Server SDK. - optional bytes key_control_block = 1; - optional bytes iv = 2; - } - - message OutputProtection { - // Indicates whether HDCP is required on digital outputs, and which - // version should be used. - enum HDCP { - HDCP_NONE = 0; - HDCP_V1 = 1; - HDCP_V2 = 2; - HDCP_V2_1 = 3; - HDCP_V2_2 = 4; - HDCP_V2_3 = 5; - HDCP_NO_DIGITAL_OUTPUT = 0xff; - } - optional HDCP hdcp = 1 [default = HDCP_NONE]; - - // Indicate the CGMS setting to be inserted on analog output. - enum CGMS { - CGMS_NONE = 42; - COPY_FREE = 0; - COPY_ONCE = 2; - COPY_NEVER = 3; - } - optional CGMS cgms_flags = 2 [default = CGMS_NONE]; - - enum HdcpSrmRule { - HDCP_SRM_RULE_NONE = 0; - // In 'required_protection', this means most current SRM is required. - // Update the SRM on the device. If update cannot happen, - // do not allow the key. - // In 'requested_protection', this means most current SRM is requested. - // Update the SRM on the device. If update cannot happen, - // allow use of the key anyway. - CURRENT_SRM = 1; - } - optional HdcpSrmRule hdcp_srm_rule = 3 [default = HDCP_SRM_RULE_NONE]; - // Optional requirement to indicate analog output is not allowed. - optional bool disable_analog_output = 4 [default = false]; - // Optional requirement to indicate digital output is not allowed. - optional bool disable_digital_output = 5 [default = false]; - } - - message VideoResolutionConstraint { - // Minimum and maximum video resolutions in the range (height x width). - optional uint32 min_resolution_pixels = 1; - optional uint32 max_resolution_pixels = 2; - // Optional output protection requirements for this range. If not - // specified, the OutputProtection in the KeyContainer applies. - optional OutputProtection required_protection = 3; - } - - message OperatorSessionKeyPermissions { - // Permissions/key usage flags for operator service keys - // (type = OPERATOR_SESSION). - optional bool allow_encrypt = 1 [default = false]; - optional bool allow_decrypt = 2 [default = false]; - optional bool allow_sign = 3 [default = false]; - optional bool allow_signature_verify = 4 [default = false]; - } - - optional bytes id = 1; - optional bytes iv = 2; - optional bytes key = 3; - optional KeyType type = 4; - optional SecurityLevel level = 5 [default = SW_SECURE_CRYPTO]; - optional OutputProtection required_protection = 6; - // NOTE: Use of requested_protection is not recommended as it is only - // supported on a small number of platforms. - optional OutputProtection requested_protection = 7; - optional KeyControl key_control = 8; - optional OperatorSessionKeyPermissions operator_session_key_permissions = 9; - // Optional video resolution constraints. If the video resolution of the - // content being decrypted/decoded falls within one of the specified ranges, - // the optional required_protections may be applied. Otherwise an error will - // be reported. - // NOTE: Use of this feature is not recommended, as it is only supported on - // a small number of platforms. - repeated VideoResolutionConstraint video_resolution_constraints = 10; - // Optional flag to indicate the key must only be used if the client - // supports anti rollback of the user table. Content provider can query the - // client capabilities to determine if the client support this feature. - optional bool anti_rollback_usage_table = 11 [default = false]; - // Optional not limited to commonly known track types such as SD, HD. - // It can be some provider defined label to identify the track. - optional string track_label = 12; - } - - optional LicenseIdentification id = 1; - optional Policy policy = 2; - repeated KeyContainer key = 3; - // Time of the request in seconds (UTC) as set in - // LicenseRequest.request_time. If this time is not set in the request, - // the local time at the license service is used in this field. - optional int64 license_start_time = 4; - // TODO(b/65054419): Deprecate remote_attestation_verified in favor of - // platform_verification_status, below. - optional bool remote_attestation_verified = 5 [default = false]; - // Client token generated by the content provider. Optional. - optional bytes provider_client_token = 6; - // 4cc code specifying the CENC protection scheme as defined in the CENC 3.0 - // specification. Propagated from Widevine PSSH box. Optional. - optional uint32 protection_scheme = 7; - // 8 byte verification field "HDCPDATA" followed by unsigned 32 bit minimum - // HDCP SRM version (whether the version is for HDCP1 SRM or HDCP2 SRM - // depends on client max_hdcp_version). - optional bytes srm_requirement = 8; - // If present this contains a signed SRM file (either HDCP1 SRM or HDCP2 SRM - // depending on client max_hdcp_version) that should be installed on the - // client device. - optional bytes srm_update = 9; - // Indicates the status of any type of platform verification performed by the - // server. - optional PlatformVerificationStatus platform_verification_status = 10 - [default = PLATFORM_NO_VERIFICATION]; - // IDs of the groups for which keys are delivered in this license, if any. - repeated bytes group_ids = 11; -} - -enum ProtocolVersion { - VERSION_2_0 = 20; - VERSION_2_1 = 21; - VERSION_2_2 = 22; -} - -message LicenseRequest { - message ContentIdentification { - message WidevinePsshData { - repeated bytes pssh_data = 1; - optional LicenseType license_type = 2; - optional bytes request_id = 3; // Opaque, client-specified. - } - - message WebmKeyId { - optional bytes header = 1; - optional LicenseType license_type = 2; - optional bytes request_id = 3; // Opaque, client-specified. - } - - message ExistingLicense { - optional LicenseIdentification license_id = 1; - optional int64 seconds_since_started = 2; - optional int64 seconds_since_last_played = 3; - optional bytes session_usage_table_entry = 4; - } - - message InitData { - enum InitDataType { - CENC = 1; - WEBM = 2; - } - - optional InitDataType init_data_type = 1 [default = CENC]; - optional bytes init_data = 2; - optional LicenseType license_type = 3; - optional bytes request_id = 4; - } - - oneof content_id_variant { - // Exactly one of these must be present. - WidevinePsshData widevine_pssh_data = 1; - WebmKeyId webm_key_id = 2; - ExistingLicense existing_license = 3; - InitData init_data = 4; - } - } - - enum RequestType { - NEW = 1; - RENEWAL = 2; - RELEASE = 3; - } - - // The client_id provides information authenticating the calling device. It - // contains the Widevine keybox token that was installed on the device at the - // factory. This field or encrypted_client_id below is required for a valid - // license request, but both should never be present in the same request. - optional ClientIdentification client_id = 1; - optional ContentIdentification content_id = 2; - optional RequestType type = 3; - // Time of the request in seconds (UTC) as set by the client. - optional int64 request_time = 4; - // Old-style decimal-encoded string key control nonce. - optional bytes key_control_nonce_deprecated = 5; - optional ProtocolVersion protocol_version = 6 [default = VERSION_2_0]; - // New-style uint32 key control nonce, please use instead of - // key_control_nonce_deprecated. - optional uint32 key_control_nonce = 7; - // Encrypted ClientIdentification message, used for privacy purposes. - optional EncryptedClientIdentification encrypted_client_id = 8; -} - -message LicenseError { - enum Error { - // The device credentials are invalid. The device must re-provision. - INVALID_DRM_DEVICE_CERTIFICATE = 1; - // The device credentials have been revoked. Re-provisioning is not - // possible. - REVOKED_DRM_DEVICE_CERTIFICATE = 2; - // The service is currently unavailable due to the backend being down - // or similar circumstances. - SERVICE_UNAVAILABLE = 3; - } - optional Error error_code = 1; -} - -message MetricData { - enum MetricType { - // The time spent in the 'stage', specified in microseconds. - LATENCY = 1; - // The UNIX epoch timestamp at which the 'stage' was first accessed in - // microseconds. - TIMESTAMP = 2; - } - - message TypeValue { - optional MetricType type = 1; - // The value associated with 'type'. For example if type == LATENCY, the - // value would be the time in microseconds spent in this 'stage'. - optional int64 value = 2 [default = 0]; - } - - // 'stage' that is currently processing the SignedMessage. Required. - optional string stage_name = 1; - // metric and associated value. - repeated TypeValue metric_data = 2; -} - -message VersionInfo { - // License SDK version reported by the Widevine License SDK. This field - // is populated automatically by the SDK. - optional string license_sdk_version = 1; - // Version of the service hosting the license SDK. This field is optional. - // It may be provided by the hosting service. - optional string license_service_version = 2; -} - -message SignedMessage { - enum MessageType { - LICENSE_REQUEST = 1; - LICENSE = 2; - ERROR_RESPONSE = 3; - SERVICE_CERTIFICATE_REQUEST = 4; - SERVICE_CERTIFICATE = 5; - SUB_LICENSE = 6; - CAS_LICENSE_REQUEST = 7; - CAS_LICENSE = 8; - } - - optional MessageType type = 1; - optional bytes msg = 2; - optional bytes signature = 3; - optional bytes session_key = 4; - // Remote attestation data which will be present in the initial license - // request for ChromeOS client devices operating in verified mode. Remote - // attestation challenge data is |msg| field above. Optional. - optional RemoteAttestation remote_attestation = 5; - - repeated MetricData metric_data = 6; - // Version information from the SDK and license service. This information is - // provided in the license response. - optional VersionInfo service_version_info = 7; -} diff --git a/protos/public/license_server_sdk.proto b/protos/public/license_server_sdk.proto deleted file mode 100644 index a5f9387..0000000 --- a/protos/public/license_server_sdk.proto +++ /dev/null @@ -1,121 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2016 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -// -// Description: -// Definitions of the protocol buffer messages used in the Widevine License -// Server SDK. - -syntax = "proto2"; - -package widevine; - -import "protos/public/license_protocol.proto"; -import "protos/public/widevine_pssh.proto"; - -option java_package = "com.google.video.widevine.protos"; - -// This message is used to pass optional data on initial license issuance. -// LINT.IfChange -message SessionInit { - optional bytes session_id = 1; - optional bytes purchase_id = 2; - // master_signing_key should be 128 bits in length. - optional bytes master_signing_key = 3; - // signing_key should be 512 bits in length to be split into two - // (server || client) HMAC-SHA256 keys. - optional bytes signing_key = 4; - optional int64 license_start_time = 5; - // Client token for the session. This session is for use by the license - // provider, and is akin to a client cookie. It will be copied to - // License::provider_client_token, and sent back by the client in - // ClientIdentification::provider_client_token in all license requests - // thereafter. - optional bytes provider_client_token = 6; - // Session token for the session. This token is for use by the license - // provider, and is akin to a session cookie. It will be copied to - // LicenseIdentfication::provider_session_token, and sent back in all - // license renewal and release requests for the session thereafter. - optional bytes provider_session_token = 7; - // If false and the request contains a provider_client_token, use the token - // from the request even if SessionInit.provider_client_token is specified. - // If true and the request contains a provider_client_token, use - // SessionInit.provider_client_token. - optional bool override_provider_client_token = 8 [default = false]; - // Set true if group key(s) should not be included in the license. If true, - // the result license will contain keys for the current content only, - // therefore the license cannot be used to playback other content in the same - // group. - optional bool exclude_group_key = 9 [default = false]; - // If set to true, the OEM Crypto API version will be not be reflected in the - // license response. - optional bool disable_oem_crypto_api_version_reflection = 10 - [default = false]; - // For testing use only. Service Providers can test how devices are handling - // the version reflection in KCB (key control block) by specifying the api - // version that is reflected back in the KCB. If an override is specified, - // the override value will be used in the KCB instead of the api version - // specified by the client in client_capabilities. - // Crypto API version is represented as 4 bytes, for example 'kcxx', where xx - // is the API version. Some valid values are: 'kc09', kc10', kc14'. Only the - // first 4 bytes are used and additional bytes are ignored. - optional bytes override_oem_crypto_api_version = 11; -} - -// This message is used by the server to preserve and restore session state. -message SessionState { - optional LicenseIdentification license_id = 1; - optional bytes signing_key = 2; - optional uint32 keybox_system_id = 3; - // Provider client token sent back in the license. - optional bytes provider_client_token = 4; - // License counter associated with the avove token. - optional uint32 license_counter = 5; -} - -message ContentInfo { - message ContentInfoEntry { - message Pssh { - optional bytes system_id = 1; - oneof pssh_data { - // Populated for non-Widevine PSSH boxes. - bytes raw_data = 2; - // Populated if system_id matches Widevine’s system ID. - WidevinePsshData widevine_data = 3; - } - } - - repeated bytes key_ids = 1; - // Populated if init_data_type = CENC. - optional Pssh pssh = 2; - } - - optional LicenseRequest.ContentIdentification.InitData.InitDataType - init_data_type = 1; - repeated ContentInfoEntry content_info_entry = 2; -} - -// Usage report sent in a license release. -message SessionUsage { - enum ClockSecurityLevel { - INSECURE_CLOCK = 0; - SECURE_TIMER = 1; - SECURE_CLOCK = 2; - HW_SECURE_CLOCK = 3; - } - // Set to true is the license was used. - optional bool license_used = 1; - // Set to true is the license was released. - optional bool license_released = 2; - optional ClockSecurityLevel clock_security_level = 3; - optional uint64 seconds_since_license_received = 4; - // The decrypt values are only set if the license was used. - optional uint64 seconds_since_first_decrypt = 5; - optional uint64 seconds_since_last_decrypt = 6; - optional bytes provider_session_token = 7; -} diff --git a/protos/public/license_services.proto b/protos/public/license_services.proto deleted file mode 100644 index d54419f..0000000 --- a/protos/public/license_services.proto +++ /dev/null @@ -1,416 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2016 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -// Data and Service definitions for Widevine DRM Service. - -syntax = "proto2"; - -option java_package = "com.google.video.widevine.licensing"; - -import "protos/public/client_identification.proto"; -import "protos/public/license_protocol.proto"; - -import "protos/public/license_server_sdk.proto"; - -package widevine; - -// TODO(user): refactor license_services.proto and sdk_stats.proto. - -enum ModularDrmType { - WIDEVINE = 0; - PLAYREADY = 1; - FAIRPLAY = 2; -} - -// LINT.IfChange -// The Modular DRM license request sent to the RPC service. -message ModularDrmLicenseRequest { - // The request payload. This is usually the HTTP Post body of a request. - // Required. - optional bytes payload = 1; - - // A ContentKeySpec identifies a content key by track type name. It also - // specifies the policy that should be used for this key. - // LINT.IfChange - message ContentKeySpec { - // A track type is used to represent a set of tracks that share the same - // content key and security level. Common values are SD, HD, UHD1, UHD2 - // and AUDIO. Content providers may use arbitrary strings for track type - // as long as they are consistent with the track types used at registration - // time. Required. - optional string track_type = 1; - - // The following settings override pre-stored settings referenced by the - // policy_name. - // Security level defines the robustness requirements on key handling at - // client side. - optional License.KeyContainer.SecurityLevel security_level = 2; - optional License.KeyContainer.OutputProtection required_output_protection = - 3; - optional License.KeyContainer.OutputProtection requested_output_protection = - 4; - // Optional content key Id for this track. If specified, this Id is used to - // identify the key for this track. If not specified, the license server - // will either generate or lookup the key Id for this track. - optional bytes key_id = 5; - // Optional content key for this track. If specified, this key is used to - // build the license. If not specified, the license server will generate - // or lookup the key for this track. - optional bytes key = 6; - - // TODO (robinconnell): iv, key_type, and operator_session_key_permissions - // where added to support OPERATION_SESSION licenses. But with the addition - // of the field the ContentKeySpec message is almost the same as the - // License.KeyContainer message. Merge the two messages needs to be - // investigated. - - // Optional iv used to encrypt the keys. If not specified random iv will be - // generated. - optional bytes iv = 7; - optional License.KeyContainer.KeyType key_type = 8; - optional License.KeyContainer.OperatorSessionKeyPermissions - operator_session_key_permissions = 9; - - // Optional video resolution constraints. If the video resolution of the - // content being decrypted/decoded falls within one of the specified ranges, - // the optional required_protections may be applied. Otherwise an error will - // be reported. - repeated License.KeyContainer.VideoResolutionConstraint - video_resolution_constraints = 10; - - // Video feature associated with this key. Common value is HDR. - // If specified and the key_id/key is not specified, this value will be - // used to derive the key_id/key. - optional string video_feature = 11; - } - - // Specifies a list of content keys and policies to be included in a license. - repeated ContentKeySpec content_key_specs = 2; - - // A shortcut for specifying which track types should be included in a - // license. - // This field is ignored if one or more content_key_specs is specified. - // LINT.IfChange - enum CommonTrackTypeSet { - // Implies SD and HD. - SD_HD = 0; - // Implies SD only. - SD_ONLY = 1; - // Implies SD, HD, and UHD1. - SD_UHD1 = 2; - // Implies SD, HD, UHD1 and UHD2. - SD_UHD2 = 3; - } - optional CommonTrackTypeSet allowed_track_types = 3 [default = SD_UHD1]; - - // Identifier used to derive KeyId(s) and Content Key(s) - // for each content_key_specs.track_type. Required only - // when the content id isn't part of the PSSH. Used for - // backward-compatibility with existing YouTube CENC - // videos. Ignored for assets whose PSSH includes a - // content id. - optional bytes content_id = 4; - - // Used to look up Content Key(s) and policy. Required. - optional string provider = 5; - - // A blob of data to be sent to client and bounce back in subsequent heartbeat - // requests. Maps to license.license_id.prchase.id. - optional string replay_data = 6; - - // License policy information could come from various sources. For any given - // field in a policy, the final value is determined by (in the order by - // highest precedence to lowest) - // 1. request.policy // acts as policy override. - // 2. if !use_policy_overrides_exclusively, - // if request.has_policy_name - // GetStoredPolicy(request.policy_name) - // else - // GetStoredPolicy(GetRegisteredAsset(request.content_id).policy_name) - - // Policy overrides specified by a content provider proxy. - optional License.Policy policy_overrides = 7; - - // Use a previously registered policy named . - optional string policy_name = 8; - - // Use Policy attributes specified by policy_overrides and - // skip any Policy lookup from storage. - optional bool use_policy_overrides_exclusively = 9 [default = false]; - - // Indicates whether this is a Widevine, PlayReady or FairPlay license - // request. - optional ModularDrmType drm_type = 10 [default = WIDEVINE]; - - // This is now handled as a server configuration, only enabled for QA and UAT. - optional bool allow_test_device_deprecated = 11 [deprecated = true]; - - // The IP Address of the portal that is forwarding the license request from - // the device. - optional string client_ip_address = 13; - - // The client software identifier, as used by HTTP. - optional string user_agent = 14; - - // Client token owned by Content Provider. This value is added to the - // license response. - // TODO(user): Deprecated and use session_init instead. - optional bytes provider_client_token = 15; - - // Session token owned by Content Provider. This value is added to the - // license response. - // TODO(user): Deprecated and use session_init instead. - optional bytes provider_session_token = 16; - - // Pass optional data to initial license. - optional SessionInit session_init = 17; - - // Indicates whether to process the license request and return the parsed data - // only, hence not generating an actual license. - optional bool parse_only = 18 [default = false]; - - // The request identifier for this license request as specified by the - // content provider proxy. Optional. - optional string content_provider_request_id = 19 [default = "unspecified"]; - - // Indicates all key and iv values in ContentKeySpec are encrypted with this - // sesion key. This session key is encrypted with the providers AES key. If - // session_key is used, session_iv must also be specified. - optional bytes session_key = 20; - - // Indicates all key and iv values in ContentKeySpec are encrypted with this - // session IV. This session IV is encrypted with the provider's AES key. - optional bytes session_iv = 21; - - // In prod environment, normally license request from IN_TESTING devices - // will be rejected. But if test_content is true, such request from - // a IN_TESTING device will succeed. - // In all other environments, test_content has no impact, licensing for - // IN_TESTING wil be allowed regardless. - // See b/26692995 for more info. - optional bool test_content = 22 [default = false]; - - // The name of the provider making the request. This field will be - // populated by content providers who are serving content packaged by - // content owners. If the content owner and content provider are the same, - // this field will be empty. - // Example: Play is a content provider which serves content packaged and - // owned by the content owner, YouTube. - optional string requesting_provider = 23; - - // Serialized ClientIdentification protobuf message returned by the Proxy SDK - // GetClientInfoAsAtring() API. - optional bytes client_id_msg = 24; - - // If set to true and the device is L3, return AUDIO and SD keys only. - // This takes precedence over allowed_track_types. - optional bool sd_only_for_l3 = 25 [default = false]; - - // Content providers who host their own service certificate must set this - // field by using the ProxySDK(internally, RequestInspector) API. - optional PlatformVerificationStatus platform_verification_status = 26 - [default = PLATFORM_NO_VERIFICATION]; - - // By default, a license request will fail if VMP status is unverified for - // Chrome. Set this field to 'true' to allow license request to succeed when - // VMP status is unverified for Chrome platforms. - // TODO (b/126434032) Change the default to false once partners are notified - optional bool allow_unverified_platform = 27 [default = true]; - - // By default, a license request will fail if VMP status is tampered for - // Chrome. Set this field to 'true' to allow license request to succeed when - // VMP status is tampered for Chrome platforms. - // TODO (b/126434032) Change the default to false once partners are notified - optional bool allow_tampered_platform = 28 [default = true]; - - // A shortcut for specifying whether to return keys for the video feature only - // or to return all keys or ignore the video feature. - // The VideoFeatureKeySet only applies when video feature is specified in the - // PSSH. - enum VideoFeatureKeySet { - VF_UNSPECIFIED = 0; - // License should not include keys for the video feature, instead only - // include keys not associated with the video feature. - VF_EXCLUDED = 1; - // License should only include keys associated with the video feature - // (e.g., HDR). - VF_ONLY = 2; - // License should include keys for the video feature and also for keys - // not associated with the video feature (e.g., SDR keys). - VF_INCLUDED = 3; - } - // This field is ignored if one or more content_key_specs is specified. - optional VideoFeatureKeySet video_feature_key_set = 29 - [default = VF_EXCLUDED]; -} - - -// LINT.IfChange -// A generic protobuf used as the request format of various Modular DRM APIs, -// including GetModularDrmLicense and KeyRequest APIs. -// The following docs describe how the proto is interpreted by various APIs. -message SignedModularDrmRequest { - // For GetModularDrmLicenseExternal, request is a ModularDrmLicenseRequest in - // JSON format. - optional bytes request = 1; - optional bytes signature = 2; - // Identifies the entity sending / signing the request. - optional string signer = 3; - // The IP Address of the portal that is forwarding the request from the - // original sender. - optional string client_ip_address = 4; - // The client software identifier, as used by HTTP. - optional string user_agent = 5; - // The request identifier for this license request as specified by the - // content provider proxy. Optional. - optional string content_provider_request_id = 6 [default = "unspecified"]; - // The provider on behalf of whom, this request is made. This field will be - // populated by content providers who are serving content packaged by content - // owners ("signer"). - optional string provider = 7; -} - -// LINT.IfChange -message SignedModularDrmResponse { - // A CommonEncryptionResponse message in JSON format. - optional bytes response = 1; - optional bytes signature = 2; -} - - -message LicenseMetadata { - // DRM-specific status code from the WvmStatus enum. It's a uint32 here - // because providers can use the 'setstatus' field to supply their own - // arbitrary return values. - optional uint32 drm_status_code = 1; - // Asset Identifier that was generated by this DRM service. - optional uint64 asset_id = 2; - optional string asset_name = 4; -} - - -// LINT.IfChange -message ModularDrmLicenseResponse { - enum Status { - OK = 0; - SIGNATURE_FAILED = 1; - INVALID_LICENSE_CHALLENGE = 2; - INVALID_CONTENT_INFO = 3; - POLICY_UNKNOWN = 4; - MALFORMED_REQUEST = 5; - INTERNAL_ERROR = 6; - PROVIDER_MISSING = 7; - INVALID_REQUEST = 8; - ACCESS_DENIED = 9; - SIGNING_KEY_EXPIRED = 10; - } - optional Status status = 1; - optional string status_message = 2; - optional bytes license = 3; - message LicenseMetadata { - optional bytes content_id = 1; - optional LicenseType license_type = 2; - optional LicenseRequest.RequestType request_type = 3; - // The current SRM version sent back to client in the license. - optional uint32 srm_version = 4; - // Whether SRM file was included in the license. - optional bool srm_included = 5 [default = false]; - // Sets the value from - // ClientIdentification.ClientCapabilities.can_update_srm in the license - // request. - optional bool can_update_srm = 6 [default = false]; - // SessionInit that was used when generating the license. - optional SessionInit session_init = 7; - } - optional LicenseMetadata license_metadata = 4; - message Track { - optional string type = 1; - optional bytes key_id = 2; - optional string video_feature = 3; - } - // A subset of data from the Widevine PSSH. - message Pssh { - repeated bytes key_id = 1; - optional bytes content_id = 2; - } - // List of tracks for which keys exist in the license response. - repeated Track supported_tracks = 5; - // Make as identified from the provisioned device info. If that is not - // available, the device make will be retrieved from the license request. - optional string make = 6; - // Model as identified from the provisioned device info. If that is not - // available, the device model will be retrieved from the license request. - optional string model = 7; - // Set to true if the license request contained remote attestation challenge - // and the challenge was verified. - optional bool remote_attestation_verified = 8; - // Widevine-defined security level. - optional uint32 security_level = 9; - // Actual SDK license status as defined in widevine/protos/public/errors.proto - optional uint32 internal_status = 10; - // Usage report sent in a license release. - optional SessionUsage session_usage = 11; - optional SessionState session_state = 12; - // Globally unique serial number of certificate associated with this - // device. - optional bytes drm_cert_serial_number = 13; - // Whether the device (make/model) making the license request is whitelisted. - // Indicates the type of message in the license response. - optional SignedMessage.MessageType message_type = 15; - // Optional Android Id reported by the Android client. - // See go/avi-unique-device-id - optional bytes android_id = 16; - // If this is a group key license, this is the group identifier from the PSSH. - optional bytes group_id = 17; - // Platform specifies the OS or device type and perhaps other software - // information for the device receving this license response. - // Example: Android, iOS, Chrome, PC. - optional string platform = 18; - optional Pssh pssh_data = 20; - // Maximum HDCP version specified by the client. - optional ClientIdentification.ClientCapabilities.HdcpVersion - client_max_hdcp_version = 21; - // Optional client information name/value pairs from the client. - repeated ClientIdentification.NameValue client_info = 22; - // Optional number of seconds before a signing key expires. - optional int64 signature_expiration_secs = 23; - // Set to true, if license request was for "live" stream. - optional bool is_live = 24 [default = false]; - // Platform verification status - optional PlatformVerificationStatus platform_verification_status = 25 - [default = PLATFORM_UNVERIFIED]; - // The "provider" field in ModularDrmLicenseRequest. - optional string content_owner = 26; - // The "requesting_provider" in ModularDrmLicenseRequest. If - // "requesting_provider" is empty, then "provider" from - // ModularDrmLicenseRequest will be set here. - optional string content_provider = 27; - // SystemID of the requesting device. - optional uint32 system_id = 28; -} - -message LicenseResponse { - // Each license is a Base64-encoded string which is of the format - // . Multiple licenses are separated by a - // comma. Required. - optional string licenses = 2; - // License for the requested asset. This should not be returned to the - // client, but possibly evaluated by the provider. The number of - // license_metadata fields must be the same as the number of licenses. - // Required. - repeated LicenseMetadata license_metadata = 3; - // Make as specified in the license request. - optional string make = 4; - // Model as specified in the license request. - optional string model = 5; - // Platform specifies the OS or device type and perhaps other software - // information for the device receving this license response. - // Example: Android, iOS, Chrome, PC. - optional string platform = 6; -} - diff --git a/protos/public/media_cas_encryption.proto b/protos/public/media_cas_encryption.proto deleted file mode 100644 index 84f8044..0000000 --- a/protos/public/media_cas_encryption.proto +++ /dev/null @@ -1,74 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2018 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -// Protocol buffer definitions for Widevine CAS. - -syntax = "proto2"; - -package widevine; - -option java_package = "com.google.video.widevine.mediacasencryption"; - -message CasEncryptionRequest { - optional bytes content_id = 1; - optional string provider = 2; - // Optional track types such as "AUDIO", SD" or "HD". - repeated string track_types = 3; - // Indicates if the client is using key rotation. If true, the server will - // return one key for EVEN and one key for ODD, otherwise only a single key is - // returned. - optional bool key_rotation = 4; -} - -message CasEncryptionResponse { - enum Status { - STATUS_UNSPECIFIED = 0; - OK = 1; - SIGNATURE_FAILED = 2; - ACCESS_DENIED = 3; - INTERNAL_ERROR = 4; - INVALID_ARGUMENT = 5; - PROVIDER_ID_MISSING = 6; - CONTENT_ID_MISSING = 7; - TRACK_TYPE_MISSING = 8; - } - message KeyInfo { - enum KeySlot { - KEY_SLOT_UNSPECIFIED = 0; - SINGLE = 1; - EVEN = 2; - ODD = 3; - } - optional bytes key_id = 1; - optional bytes key = 2; - // Optional label used for the key. - optional string track_type = 3; - optional KeySlot key_slot = 4; - } - optional Status status = 1; - optional string status_message = 2; - optional bytes content_id = 3; - repeated KeyInfo entitlement_keys = 4; -} - -message SignedCasEncryptionRequest { - optional bytes request = 1; - optional bytes signature = 2; - // Identifies the entity sending / signing the request. - optional string signer = 3; -} - -message SignedCasEncryptionResponse { - // Serialized CasEncryptionResponse message. - optional bytes response = 1; - optional bytes signature = 2; -} - -message HttpResponse { - optional bytes response = 1; -} diff --git a/protos/public/media_cas_license.proto b/protos/public/media_cas_license.proto deleted file mode 100644 index 94a0f97..0000000 --- a/protos/public/media_cas_license.proto +++ /dev/null @@ -1,129 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2018 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// -// -// Description: -// Definitions of the protocol buffer messages used in the Widevine license -// exchange protocol for Media CAS. - -syntax = "proto2"; - -option java_package = "com.google.video.widevine.mediacaslicense"; - - -import "protos/public/license_protocol.proto"; -import "protos/public/license_server_sdk.proto"; -import "protos/public/media_cas_encryption.proto"; - -package widevine; - -message CasDrmLicenseRequest { - // The request payload. This is usually the HTTP Post body of a request. - // Required. - optional bytes payload = 1; - // The content provider whose proxy is sending this license request onto the - // Widevine license service. Required. - optional string provider_id = 2; - // An identifier supplied by a content provider, used to identify a piece of - // content and derive key IDs and content keys. - optional bytes content_id = 3; - // A ContentKeySpec identifies a content key by track type name. It also - // specifies the policy that should be used for this key. - // TODO(user): Consolidate this ContentKeySpec with - // ModularDrmLicenseRequest_ContentKeySpec. Both should include a common - // ContentKeySpec. - message ContentKeySpec { - optional License.KeyContainer.SecurityLevel security_level = 1; - optional License.KeyContainer.OutputProtection required_output_protection = - 2; - optional License.KeyContainer.OutputProtection requested_output_protection = - 3; - // Optionally specify even, odd or single slot for key rotation. - repeated CasEncryptionResponse.KeyInfo entitlement_keys = 4; - optional License.KeyContainer.KeyType key_type = 5; - } - repeated ContentKeySpec content_key_specs = 4; - // Policy for the entire license such as playback duration. - optional License.Policy policy = 5; -} - -message CasDrmLicenseResponse { - enum Status { - UNKNOWN = 0; - OK = 1; - SIGNATURE_FAILED = 2; - INVALID_LICENSE_CHALLENGE = 3; - PROVIDER_ID_MISSING = 4; - INVALID_CONTENT_INFO = 5; - EMPTY_CONTENT_INFO = 6; - CONTENT_ID_MISMATCH = 7; - MISSING_CONTENT_ID = 8; - MALFORMED_REQUEST = 9; - INTERNAL_ERROR = 10; - } - optional Status status = 1; - optional string status_message = 2; - // Serialzed bytes for a CAS license. - // TODO(user): Until a CAS license protocol is defined, this field is a - // serialized License message defined in license_protocol.proto. - optional bytes license = 3; - // Actual SDK license status as defined in widevine/protos/public/errors.proto - optional uint32 internal_status = 4; - // Indicates the type of message in the license response. - optional SignedMessage.MessageType message_type = 5; - // A subset of data from the Widevine PSSH. - message PsshData { - repeated bytes key_id = 1; - optional bytes content_id = 2; - // If this is a group key license, this is the group identifier. - optional bytes group_id = 3; - } - message LicenseMetadata { - optional bytes content_id = 1; - repeated bytes key_id = 2; - } - optional PsshData pssh_data = 6; - optional SessionState session_state = 7; - optional string content_owner = 8; - optional string content_provider = 9; - optional LicenseMetadata license_metadata = 10; - message DeviceInfo { - // Make as identified from the provisioned device info. If that is not - // available, the device make will be retrieved from the license request. - optional string make = 1; - // Model as identified from the provisioned device info. If that is not - // available, the device model will be retrieved from the license request. - optional string model = 2; - // Widevine-defined device security level. - optional uint32 security_level = 3; - // Globally unique serial number of certificate associated with this - // device. - optional bytes drm_cert_serial_number = 4; - // Platform specifies the OS or device type and perhaps other software - // information for the device receving this license response. - // Example: Android, iOS, Chrome, PC. - optional string platform = 5; - // SystemID of the requesting device. - optional uint32 system_id = 6; - } - // Device information for the device making the CAS license request. - optional DeviceInfo device_info = 11; -} - -message SignedCasDrmRequest { - optional bytes request = 1; - optional bytes signature = 2; - // Identifies the entity sending / signing the request. Required if signature - // is present. - optional string signer = 3; - // The IP Address of the portal that is forwarding the request from the - // original sender. - optional string client_ip_address = 4; - // The client software identifier, as used by HTTP. - optional string user_agent = 5; - optional string provider = 6; -} diff --git a/protos/public/provisioned_device_info.proto b/protos/public/provisioned_device_info.proto deleted file mode 100644 index f6d4104..0000000 --- a/protos/public/provisioned_device_info.proto +++ /dev/null @@ -1,73 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2016 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -// Description: -// Provisioned device info format definitions. - -syntax = "proto2"; - -package widevine; - -option java_package = "com.google.video.widevine.protos"; -option java_outer_classname = "ProvisionedDeviceInfoProto"; - -// Contains device model information for a provisioned device. -message ProvisionedDeviceInfo { - enum WvSecurityLevel { - // Defined in Widevine Security Integration Guide for DASH on Android: - // http://doc/1Zum-fcJeoIw6KG1kDP_KepIE5h9gAZg0PaMtemBvk9c/edit#heading=h.1t3h5sf - LEVEL_UNSPECIFIED = 0; - LEVEL_1 = 1; - LEVEL_2 = 2; - LEVEL_3 = 3; - } - // Widevine initial provisioning / bootstrapping method. DRM certificates are - // required for retrieving licenses, so if a DRM certificate is not initially - // provisioned, then the provisioned credentials will be used to provision - // a DRM certificate via the Widevine Provisioning Service. - enum ProvisioningMethod { - // Don't use this. - PROVISIONING_METHOD_UNSPECIFIED = 0; - // Factory-provisioned device-unique keybox. - FACTORY_KEYBOX = 1; - // Factory-provisioned device-unique OEM certificate. - FACTORY_OEM_DEVICE_CERTIFICATE = 2; - // Factory-provisioned model-group OEM certificate. - FACTORY_OEM_GROUP_CERTIFICATE = 3; - // Factory-provisioned model-group DRM certificate (Level-3 "baked in"). - FACTORY_DRM_GROUP_CERTIFICATE = 4; - // OTA-provisioned keybox (Level-1 ARC++). - OTA_KEYBOX = 5; - // OTA-provisioned device-unique OEM certificate. - OTA_OEM_DEVICE_CERTIFICATE = 6; - // OTA-provisioned model-group OEM certificate. - OTA_OEM_GROUP_CERTIFICATE = 7; - // OTA-provisioned device-unique DRM certificate (Bedrock). - OTA_DRM_DEVICE_CERTIFICATE = 8; - } - - // Widevine system ID for the device. Mandatory. - optional uint32 system_id = 1; - // Name of system-on-a-chip. Optional. - optional string soc = 2; - // Name of manufacturer. Optional. - optional string manufacturer = 3; - // Manufacturer's model name. Matches "brand" in device metadata. Optional. - optional string model = 4; - // Type of device (Phone, Tablet, TV, etc). - optional string device_type = 5; - // Device model year. Optional. - optional uint32 model_year = 6; - // Widevine-defined security level. Optional. - optional WvSecurityLevel security_level = 7 [default = LEVEL_UNSPECIFIED]; - // True if the certificate corresponds to a test (non production) device. - // Optional. - optional bool test_device = 8 [default = false]; - // Indicates the type of device root of trust which was factory provisioned. - optional ProvisioningMethod provisioning_method = 9; -} diff --git a/protos/public/remote_attestation.proto b/protos/public/remote_attestation.proto deleted file mode 100644 index 618706b..0000000 --- a/protos/public/remote_attestation.proto +++ /dev/null @@ -1,30 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2017 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// -// -// Description: -// Remote attestation is used by ChromeOS device to authenticate itself -// to Widevine services for both licensing and keybox provisioning. - -syntax = "proto2"; - -package widevine; - -import "protos/public/client_identification.proto"; - -option java_package = "com.google.video.widevine.protos"; - -message RemoteAttestation { - // Encrypted ClientIdentification message containing the device remote - // attestation certificate. Required. - optional EncryptedClientIdentification certificate = 1; - // Bytes of salt which were added to the remote attestation challenge prior to - // signing it. Required. - optional bytes salt = 2; - // Signed remote attestation challenge + salt. Required. - optional bytes signature = 3; -} diff --git a/protos/public/sdk_stats.proto b/protos/public/sdk_stats.proto deleted file mode 100644 index 170d265..0000000 --- a/protos/public/sdk_stats.proto +++ /dev/null @@ -1,71 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2016 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -// -// Main protocol buffers for Widevine external SDK -// licensing statistics. -// Design doc: -// https://docs.google.com/document/d/1yyt5TxApYbI0N07aH94zwnKYuzYdFcmqZtC3jCyph8k/edit# - -syntax = "proto2"; - -package widevine; - -option java_package = "com.google.video.widevine.protos"; -option java_outer_classname = "LicenseStatsProtos"; - - -message DeviceLicenseCounterByStatus { - // The response status sent by the SDK in response to the license request. - // Required. - optional int32 license_status = 1; - // Count of licenses for this status code. Required. - optional int64 count = 2; -} - -message DeviceLicenseCounterByModel { - // The model of the device sending a license request to the Widevine SDK. - // Optional. - optional string device_model = 1; - // license status specific breakdown of counter data - repeated DeviceLicenseCounterByStatus counter_by_status = 2; -} - -message DeviceLicenseCounterByMake { - // The make of the device sending a license request to the Widevine SDK. - // Optional. - optional string device_make = 1; - // device model specific breakdown of counter data. - repeated DeviceLicenseCounterByModel counter_by_model = 2; -} - -message DeviceLicenseCounterBySystemId { - // The system identifier for the device make/model family. Optional. - optional int32 device_system_id = 1; - // device make specific breakdown of counter data. - repeated DeviceLicenseCounterByMake counter_by_make = 2; -} - -message DeviceLicenseCounterRequest { - // The provider hosting the Widevine SDK. Required. - optional string provider = 1; - // The collection start time in UTC for this counter data. Required. - optional int64 counter_utc_start_time_usec = 2; - // The collection end time in UTC for this counter data. Required. - optional int64 counter_utc_end_time_usec = 3; - // device systemId specific breakdown of counter data. - repeated DeviceLicenseCounterBySystemId counter_by_systemid = 4; -} - -message SignedDeviceLicenseCounterRequest { - // The license counter data by device. Required. - optional DeviceLicenseCounterRequest device_license_counter_request = 1; - // The signature for the provider sending the request. Required. - optional bytes signature = 2; -} - diff --git a/protos/public/signed_device_info.proto b/protos/public/signed_device_info.proto deleted file mode 100644 index d40830b..0000000 --- a/protos/public/signed_device_info.proto +++ /dev/null @@ -1,66 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2019 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// -// -// This is a pared down copy of the file in: -// -// Do not modify this file without keeping the other file in sync. -// Items in the original file but removed here include. -// - comments -// - SignedDeviceInfoService definition -// - Google api annotations. -// -// TODO(user, yawenyu): Figure out how we can avoid having two copies -// of the same file. - -syntax = "proto3"; - -package widevine; - -option csharp_namespace = "Google.Chrome.Widevine.Deviceinfo.V1"; -option java_multiple_files = true; -option java_outer_classname = "DeviceCertificateStatusProtos"; -option java_package = "com.google.chrome.widevine.deviceinfo.v1"; - -// GCWDI == Google Chrome Widevine Device Info -option objc_class_prefix = "GCWDI"; - -// A request sent to Widevine Provisioning Server (keysmith) to retrieve -// 'DeviceCertificateStatusList'. -message DeviceCertificateStatusListRequest { - // The version of sdk. Required. - string sdk_version = 1; - // POSIX time, in seconds, when this request was created. Required. - uint64 sdk_time_seconds = 2; - // The serialized service certificate used to sign the request. Required. - bytes service_certificate = 3; -} - -// A device certificate status resource in the Widevine Signed Device Info -// API. It intended to carry information about DRM and OEM certificate -// status and device information for a specific system ID. The information is -// intended to be shared publicly. - -// A signed request sent to Widevine Provisioning Server (keysmith) to retrieve -// 'DeviceCertificateStatusList'. -message SignedDeviceInfoRequest { - // A serialized DeviceCertificateStatusListRequest. Required. - bytes device_certificate_status_list_request = 1; - - // TODO(user): What's the signature algorithm and the key used? - bytes signature = 2; -} - -// Contains a serialized DeviceCertificateStatusList and the signature. -message SignedDeviceInfo { - // Serialized DeviceCertificateStatusList. Required. - bytes device_certificate_status_list = 1; - - // Signature of device_certificate_status_list_request. Signed with root - // certificate private key using RSASSA-PSS. Required. - bytes signature = 2; -} diff --git a/protos/public/signed_drm_certificate.proto b/protos/public/signed_drm_certificate.proto deleted file mode 100644 index bbd0835..0000000 --- a/protos/public/signed_drm_certificate.proto +++ /dev/null @@ -1,27 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2016 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -// Signed device certificate definition. - -syntax = "proto2"; - -package widevine; - -option java_outer_classname = "SignedDrmCertificateProtos"; -option java_package = "com.google.video.widevine.protos"; - -// DrmCertificate signed by a higher (CA) DRM certificate. -message SignedDrmCertificate { - // Serialized certificate. Required. - optional bytes drm_certificate = 1; - // Signature of certificate. Signed with root or intermediate - // certificate specified below. Required. - optional bytes signature = 2; - // SignedDrmCertificate used to sign this certificate. - optional SignedDrmCertificate signer = 3; -} diff --git a/protos/public/verified_media_pipeline.proto b/protos/public/verified_media_pipeline.proto deleted file mode 100644 index bb1e033..0000000 --- a/protos/public/verified_media_pipeline.proto +++ /dev/null @@ -1,39 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2017 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// -// -// Description: -// Protocol messages used for the Verified Media Pipeline feature of the -// Widevine CDM. - -syntax = "proto2"; - -package vmp; - -option optimize_for = LITE_RUNTIME; - -message VmpData { - message SignedBinaryInfo { - // File name of the binary. Required. - optional string file_name = 1; - // Index into |certificates| for the code signing certificate used to sign - // this binary. Required if the binary is signed.. - optional uint32 certificate_index = 2; - // SHA-512 digest of signed binary. Required if the file was present. - optional bytes binary_hash = 3; - // Flags from signature file, if any. Required if signed. - optional uint32 flags = 4; - // Signature of the binary. Required if signed. - optional bytes signature = 5; - } - - // Distinct certificates used in binary code signing. No certificate should - // be present more than once. - repeated bytes certificates = 1; - // Info about each signed binary. - repeated SignedBinaryInfo signed_binary_info = 2; -} diff --git a/protos/public/widevine_pssh.proto b/protos/public/widevine_pssh.proto deleted file mode 100644 index 77f45e5..0000000 --- a/protos/public/widevine_pssh.proto +++ /dev/null @@ -1,106 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2017 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// -// -// Declaration of protocol buffer which is used to encode the data stored in -// Common Encryption (CENC) 'pssh' box Data fields. - -syntax = "proto2"; - -package widevine; - -option java_package = "com.google.video.widevine.protos"; - -message WidevinePsshData { - enum Type { - SINGLE = 0; // Single PSSH to be used to retrieve content keys. - ENTITLEMENT = 1; // Primary PSSH used to retrieve entitlement keys. - ENTITLED_KEY = 2; // Secondary PSSH containing entitled key(s). - } - - message EntitledKey { - // ID of entitlement key used for wrapping |key|. - optional bytes entitlement_key_id = 1; - // ID of the entitled key. - optional bytes key_id = 2; - // Wrapped key. Required. - optional bytes key = 3; - // IV used for wrapping |key|. Required. - optional bytes iv = 4; - // Size of entitlement key used for wrapping |key|. - optional uint32 entitlement_key_size_bytes = 5 [default = 32]; - } - - // Entitlement or content key IDs. Can onnly present in SINGLE or ENTITLEMENT - // PSSHs. May be repeated to facilitate delivery of multiple keys in a - // single license. Cannot be used in conjunction with content_id or - // group_ids, which are the preferred mechanism. - repeated bytes key_ids = 2; - - // Content identifier which may map to multiple entitlement or content key - // IDs to facilitate the delivery of multiple keys in a single license. - // Cannot be present in conjunction with key_ids, but if used must be in all - // PSSHs. - optional bytes content_id = 4; - - // Crypto period index, for media using key rotation. Always corresponds to - // The content key period. This means that if using entitlement licensing - // the ENTITLED_KEY PSSHs will have sequential crypto_period_index's, whereas - // the ENTITELEMENT PSSHs will have gaps in the sequence. Required if doing - // key rotation. - optional uint32 crypto_period_index = 7; - - // Protection scheme identifying the encryption algorithm. The protection - // scheme is represented as a uint32 value. The uint32 contains 4 bytes each - // representing a single ascii character in one of the 4CC protection scheme - // values. To be deprecated in favor of signaling from content. - // 'cenc' (AES-CTR) protection_scheme = 0x63656E63, - // 'cbc1' (AES-CBC) protection_scheme = 0x63626331, - // 'cens' (AES-CTR pattern encryption) protection_scheme = 0x63656E73, - // 'cbcs' (AES-CBC pattern encryption) protection_scheme = 0x63626373. - optional uint32 protection_scheme = 9; - - // Optional. For media using key rotation, this represents the duration - // of each crypto period in seconds. - optional uint32 crypto_period_seconds = 10; - - // Type of PSSH. Required if not SINGLE. - optional Type type = 11 [default = SINGLE]; - - // Key sequence for Widevine-managed keys. Optional. - optional uint32 key_sequence = 12; - - // Group identifiers for all groups to which the content belongs. This can - // be used to deliver licenses to unlock multiple titles / channels. - // Optional, and may only be present in ENTITLEMENT and ENTITLED_KEY PSSHs, - // and not in conjunction with key_ids. - repeated bytes group_ids = 13; - - // Copy/copies of the content key used to decrypt the media stream in which - // the PSSH box is embedded, each wrapped with a different entitlement key. - // May also contain sub-licenses to support devices with OEMCrypto 13 or - // older. May be repeated if using group entitlement keys. Present only in - // PSSHs of type ENTITLED_KEY. - repeated EntitledKey entitled_keys = 14; - - // Video feature identifier, which is used in conjunction with |content_id| - // to determine the set of keys to be returned in the license. Cannot be - // present in conjunction with |key_ids|. - // Current values are "HDR". - optional string video_feature = 15; - - //////////////////////////// Deprecated Fields //////////////////////////// - enum Algorithm { - UNENCRYPTED = 0; - AESCTR = 1; - } - optional Algorithm algorithm = 1 [deprecated = true]; - optional string provider = 3 [deprecated = true]; - optional string track_type = 5 [deprecated = true]; - optional string policy = 6 [deprecated = true]; - optional bytes grouped_license = 8 [deprecated = true]; -} diff --git a/sdk/external/common/wvpl/wvpl_sdk_environment.h b/sdk/external/common/wvpl/wvpl_sdk_environment.h deleted file mode 100644 index 4af2a9c..0000000 --- a/sdk/external/common/wvpl/wvpl_sdk_environment.h +++ /dev/null @@ -1,144 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2017 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -#ifndef SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_ -#define SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_ - -#include -#include - -#include "sdk/external/common/wvpl/wvpl_types.h" - -namespace widevine { -class DeviceCertificateStatusList; -class DrmRootCertificate; -class DrmCertificate; -class ProvisionedDeviceInfo; -} // namespace widevine -namespace widevine_server { -namespace wv_pl_sdk { - -// These fields show the configuration options that can be initialized via -// the implementation classes (WvPLEnvironment and WvPLProxyEnvironment). -const char kDeviceCertificateExpiration[] = "device_certificate_expiration"; -const char kAllowUnknownDevice[] = "allow_unknown_device"; -const char kProvider[] = "provider"; -const char kProviderIv[] = "provider_iv"; -const char kProviderKey[] = "provider_key"; -const char kApiVerInKcb[] = "api_ver_in_kcb"; -const char kLimitUsageStatsToErrorsOnly[] = "limit_usage_stats_to_errors_only"; -// Valid values are 'test' and 'prod'. -const char kDrmCertificateType[] = "drm_certificate_type"; - -/** - * Parent class of SDK environment. This class is not be instantiated directly, - * but its API can be accessed via the derived environment classes. - */ -class WvPLSDKEnvironment { - public: - virtual ~WvPLSDKEnvironment(); - // Generates a license response containing a message generated in response to - // an error condition. |create_session_status| is a previous error status - // returned by the CreateSession(). |license_response| points to a std::string to - // contain the license response and may not be NULL. This method returns true - // if there is an error license to be sent to the client, or false - // otherwise. - static bool GenerateErrorResponse(const WvPLStatus& create_session_status, - std::string* license_response); - - /** - * Add a service certificate system-wide at the sdk. |service_certificate| - * is a Google-generated certificate used to authenticate the service - * provider. |service_private_key| is the encrypted PKCS#8 private RSA key - * corresponding to the service certificate. |service_private_key_passphrase| - * is the password required to decrypt |service_private_key|. This is a - * thread-safe call. - * - * @param service_certificate - * @param service_private_key - * @param service_private_key_passphrase - * - * @return WvPLStatus enumeration - */ - virtual WvPLStatus SetDrmServiceCertificate( - const std::string& service_certificate, const std::string& service_private_key, - const std::string& service_private_key_passphrase); - - // Returns the DRM root certificate configured for this environment. - const widevine::DrmRootCertificate* drm_root_certificate() const { - return drm_root_certificate_.get(); - } - - protected: - // Return the signature for the provider specified in the |config_values| - // parameter in the constructor. |signature| is owned by the caller. - static WvPLStatus GenerateSignature(const std::string& plain_text, - std::string* signature); - /** - * Insert or update provisionedDeviceInfoMap with device info in - * certificate_status_list. - */ - static WvPLStatus UpdateProvisionedDeviceInfoMap( - const widevine::DeviceCertificateStatusList& - certificate_status_list); - - WvPLStatus SetDeviceCertificateStatusList(const std::string& cert_list) const; - - // Number of seconds until the certificate status list expires after its - // creation time. Default value is 604800 seconds. - uint32_t device_certificate_expiration_seconds_ = 604800; - // "config_values" setting for "kDrmCertificateType". - // Supported values are "test" and "prod". Default value is "prod". - std::string drm_certificate_type_ = "prod"; - // name of the provider hosting this service. - std::string provider_; - // value of the "iv" specified for the provider. - std::string provider_iv_; - // value of the "key" specified for the provider. - std::string provider_key_; - // is_service_certificate_loaded_ is not thread safe. - bool is_service_certificate_loaded_ = false; - // If true, allow devices not in the certificate status list. - bool allow_unknown_device_ = false; - // DRM root certificate used for verifying all other DRM certificates. - std::unique_ptr drm_root_certificate_; - - private: - // Get the expected service type for drm service certificate. - virtual int GetExpectedServiceCertificateType(); - - // Check the type of |service_certificate|. Returns "OK" if the cert can be - // used for the current SDK, else an error status. - virtual WvPLStatus CheckServiceCertificateType( - const std::string& service_certificate); - - /** - * Return provisioned_device_info if the device_info_map_ contains system_id. - * - * @return WvPLStatus - Status::OK if success, else error. - */ - static WvPLStatus LookupDeviceInfo( - uint32_t system_id, - widevine::ProvisionedDeviceInfo* provisioned_device_info); - - /** - * Add a device to the current environment/session. - */ - static void AddDeviceInfo( - const widevine::ProvisionedDeviceInfo& provisioned_device_info); - - friend class WvPLSDKSession; - friend class WvPLProxySession; - friend class WvPLProxySessionTest; - friend class WvPLSessionTest; -}; - -} // namespace wv_pl_sdk -} // namespace widevine_server - -#endif // SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_ENVIRONMENT_H_ diff --git a/sdk/external/common/wvpl/wvpl_sdk_session.h b/sdk/external/common/wvpl/wvpl_sdk_session.h deleted file mode 100644 index a79302b..0000000 --- a/sdk/external/common/wvpl/wvpl_sdk_session.h +++ /dev/null @@ -1,231 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2018 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -#ifndef SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_ -#define SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_ - -#include -#include "sdk/external/common/wvpl/wvpl_types.h" - -namespace widevine { -class ClientIdentification; -class DrmRootCertificate; -class LicenseRequest; -class License_KeyContainer_OutputProtection; -class License_KeyContainer; -class License_Policy; -class ProvisionedDeviceInfo; -class SessionInit; -class SessionState; -class SignedMessage; -} // namespace widevine -namespace widevine_server { -namespace wv_pl_sdk { - -class WvPLSDKSession { - public: - explicit WvPLSDKSession( - const widevine::DrmRootCertificate* drm_root_certificate); - virtual ~WvPLSDKSession(); - - public: - // Add WvPLKey. - virtual WvPLStatus AddKey(const WvPLKey& key); - - // Get the WvPLKey. - virtual const std::vector& keys() const { return keys_; } - - // Set the license policy. - virtual void set_policy(const WvPLPlaybackPolicy& policy) { - policy_ = policy; - } - - // Get the license policy. - virtual const WvPLPlaybackPolicy& policy() const { return policy_; } - - // Set the Session Init. - virtual void set_session_init(const WvPLSessionInit& session_init) { - session_init_ = session_init; - } - - // Get the Session Init. - virtual const WvPLSessionInit& session_init() const { return session_init_; } - - virtual bool IsChromeCDM() const; - - /** - * Returns the Widevine PSSH data for the license request handled by this - * session. - * - * @param wvpl_widevine_pssh_data. - * @return WvPLStatus - Status::OK if success, else error. - */ - virtual WvPLStatus GetPsshData( - WvPLWidevinePsshData* wvpl_widevine_pssh_data) const; - - /** - * Returns the ClientIdentification information for the license request - * handled by this session. - * - * @param client_info - * @return WvPLStatus - Status::OK if success, else error. - */ - virtual WvPLStatus GetClientInfo(WvPLClientInfo* client_info) const; - /** - * Returns the WvPL Client Capabilities information for the license request - * handled by this session. - * - * @param client_capabilities. - * @return WvPLStatus - Status::OK if success, else error. - */ - virtual WvPLStatus GetClientCapabilities( - WvPLClientCapabilities* client_capabilities) const; - - /** - * Returns the WvPLDeviceInfo information for the license request - * handled by this session. - * - * @param device_info - * @return WvPLStatus - Status::OK if success, else error. - */ - virtual WvPLStatus GetDeviceInfo(WvPLDeviceInfo* device_info) const; - - virtual PlatformVerificationStatus VerifyPlatform() = 0; - - virtual WvPLRequestType GetRequestType() const { return type_; } - - /** - * Returns true if the license type is offline, otherwise return false. - * - * @return bool. - */ - virtual bool is_offline_license() const; - - /** - * Returns the license request contains client id or not. - * - * @return bool. - */ - virtual bool has_client_id() const { return has_client_id_; } - - /** - * Returns true if license request has encrypted_client_id. Otherwise return - * false. - * - * @return bool. - */ - virtual bool has_encrypted_client_id() { return has_encrypted_client_id_; } - - protected: - const widevine::DrmRootCertificate* drm_root_certificate_; - std::string user_agent_; - std::string device_id_; - std::vector keys_; - WvPLPlaybackPolicy policy_; - WvPLSessionInit session_init_; - WvPLWidevinePsshData pssh_data_; - std::unique_ptr client_id_; - bool has_pssh_data_ = false; - bool has_client_id_ = false; - PlatformVerificationStatus platform_verification_status_ = - PLATFORM_NO_VERIFICATION; - std::unique_ptr - signed_message_request_from_cdm_; - std::string license_request_from_cdm_; - std::string remote_attestation_cert_serial_number_; - std::unique_ptr sdk_license_request_; - WvPLRequestType type_; - bool has_session_state_ = false; - bool has_encrypted_client_id_ = false; - - virtual WvPLStatus VerifyRemoteAttestation(); - - // Returns the WvPL Client Capabilities information for the license request - // handled by this session. - WvPLStatus GetWvPLClientCapabilities( - const widevine::ClientIdentification& client_id, - WvPLClientCapabilities* client_capabilities) const; - - // Copy and translates the Key fields from a WvPL Key into an SDK - // key container. - // Copies - // (1) key id - // (2) key - // (3) video_resolution_constraints - // (4) output protection using CopyOutputProtection - // (5) security_level using CopySecurityLevel - // Translates - // (1) key type - void CopyKey(const WvPLKey& wvpl_key, - widevine::License_KeyContainer* sdk_key_container); - - // Copies/translates output_protection in WvPL Key into an SDK key container. - void CopyOutputProtection( - const WvPLOutputProtection& wvpl_output_protection, - widevine::License_KeyContainer_OutputProtection* output_protection); - - // Copies/translatessecurity_level in WvPL Key into an SDK key container. - virtual void CopySecurityLevel( - const WvPLOutputProtection& output_protection, TrackType track_type, - widevine::License_KeyContainer* key_container); - - // Copies/translates the policy from a WvPL policy into an SDK policy. A - // helper function for GenerateLicenseRequestAsJSON. - virtual void CopyPlaybackPolicy(const WvPLPlaybackPolicy& wvpl_policy, - widevine::License_Policy* sdk_policy); - - // Copy the |hdcp_value| into the key container. - virtual void CopyHDCP( - HDCP hdcp_value, - widevine::License_KeyContainer_OutputProtection* output_protection); - - // Copy the WvPLSession Init into Session Init. - virtual void CopySessionInit(const WvPLSessionInit& wvpl_session_init, - widevine::SessionInit* session_init); - - // Copy the WvPLDeviceInfo into ProvisionedDeviceInfo. - virtual void CopyProvisionedDeviceInfo( - const WvPLDeviceInfo& wvpl_device_info, - widevine::ProvisionedDeviceInfo* device_info); - - // Populate deviceInfo, clientIdentification and psshdata for license request. - WvPLStatus ParseLicenseRequest(); - - // Copy the WvPLSessionState to SessionState. - void CopySessionState(const WvPLSessionState& wvpl_session_state, - widevine::SessionState* session_state); - - // Set system_id value. - virtual void SetSystemId(uint32_t system_id); - - // Return has_system_id_ value. True if session has system id. - virtual bool HasSystemId() const; - - // Return system_id value in uint32_t. The function will crash if it does not - // have system_id. - virtual uint32_t GetSystemId() const; - - /** - * Use system_id to loop up device info. - * - * @return WvPLStatus - Status::OK if success, else error. - */ - virtual WvPLStatus LookupDeviceInfo( - uint32_t system_id, - widevine::ProvisionedDeviceInfo* provisioned_device_info) const; - - virtual const std::string TrackTypeToString(TrackType track_type) const; - - private: - std::unique_ptr system_id_; -}; - -} // namespace wv_pl_sdk -} // namespace widevine_server - -#endif // SDK_EXTERNAL_COMMON_WVPL_WVPL_SDK_SESSION_H_ diff --git a/sdk/external/common/wvpl/wvpl_types.h b/sdk/external/common/wvpl/wvpl_types.h deleted file mode 100644 index 35b7258..0000000 --- a/sdk/external/common/wvpl/wvpl_types.h +++ /dev/null @@ -1,1097 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2017 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -#ifndef SDK_EXTERNAL_COMMON_WVPL_WVPL_TYPES_H_ -#define SDK_EXTERNAL_COMMON_WVPL_WVPL_TYPES_H_ - -#include -#include -#include -#include -#include - -#include "common/status.h" - -// TODO(user) Split wvpl_types.h into wvpl_common_types.h , -// wvpl_license_sdk_types.h, wvpl_proxy_sdk_types.h and -// wvpl_packager_sdk_types.h. -// TODO(user) Expose Hdcpsrmrule into WvPLHdcpSrmRule.java. - -namespace widevine_server { -namespace wv_pl_sdk { -typedef widevine::Status WvPLStatus; -typedef uint32_t uint32_t; -typedef int64_t int64_t; - -/** - * Represents the key type for the keys that are used when generating a license. - * The generated license includes a key container, which in turn, contains the - * key material, metadata and policy needed to use the key. - */ -enum KeyType { - UNKNOWN_KEY = 0, - // Key used to decrypt media content. - CONTENT = 1, - // Key used for wrapping content keys. - ENTITLEMENT = 2 -}; - -// A shortcut for specifying whether to return keys for the video feature only -// or to return all keys or ignore the video feature. -// The VideoFeatureKeySet only applies when video feature is specified in the -// PSSH. -// LINT.IfChange -enum VideoFeatureKeySet { - VF_UNSPECIFIED = 0, - // License should not include keys for the video feature, instead only - // include keys not associated with the video feature. - VF_EXCLUDED = 1, - // License should only include keys associated with the video feature - // (e.g., HDR). - VF_ONLY = 2, - // License should include keys for the video feature and also for keys - // not associated with the video feature (e.g., SDR keys). - VF_INCLUDED = 3, -}; - -// LINT.IfChange -enum LicenseType { - LICENSE_TYPE_UNSPECIFIED = 0, - STREAMING = 1, - OFFLINE = 2, -}; - -/** - * Represents the type of message. This struct is used by Proxy SDK. - */ -// LINT.IfChange -enum MessageType { - UNKNOWN = 0, - LICENSE_REQUEST = 1, - SERVICE_CERTIFICATE_REQUEST = 4 -}; - -enum CertificateKeyType { - RSA_2048 = 0, - RSA_3072 = 1, -}; - -enum LicenseRequestType { - REQUEST_TYPE_UNSPECIFIED = 0, - NEW = 1, - RENEWAL = 2, - RELEASE = 3, -}; - -enum PlatformVerificationStatus { - PLATFORM_UNVERIFIED = 0, - PLATFORM_TAMPERED = 1, - PLATFORM_SOFTWARE_VERIFIED = 2, - PLATFORM_HARDWARE_VERIFIED = 3, - PLATFORM_NO_VERIFICATION = 4, - PLATFORM_SECURE_STORAGE_SOFTWARE_VERIFIED = 5 -}; - -// LINT.IfChange -enum HDCP { - HDCP_NONE = 0, - HDCP_V1 = 1, - HDCP_V2 = 2, - HDCP_V2_1 = 3, - HDCP_V2_2 = 4, - HDCP_V2_3 = 5, - HDCP_NO_DIGITAL_OUTPUT = 0xff -}; - -enum SecurityLevel { - SECURITY_LEVEL_UNDEFINED = 0, - SW_SECURE_CRYPTO = 1, - SW_SECURE_DECODE = 2, - HW_SECURE_CRYPTO = 3, - HW_SECURE_DECODE = 4, - HW_SECURE_ALL = 5 -}; - -enum HdcpSrmRule { - HDCP_SRM_RULE_NONE = 0, - CURRENT_SRM = 1, -}; - -enum DeviceSecurityLevel { - DEVICE_LEVEL_UNSPECIFIED = 0, - DEVICE_LEVEL_1 = 1, - DEVICE_LEVEL_2 = 2, - DEVICE_LEVEL_3 = 3 -}; - -enum CGMS { - CGMS_NONE = 42, - COPY_FREE = 0, - COPY_ONCE = 2, - COPY_NEVER = 3, -}; - -enum TrackType { - TRACK_TYPE_UNSPECIFIED = 0, - AUDIO = 1, - VIDEO_SD = 2, - VIDEO_HD = 3, - VIDEO_UHD1 = 4, - VIDEO_UHD2 = 5, -}; - -enum AnalogOutputCapabilities { - ANALOG_OUTPUT_UNKNOWN = 0, - ANALOG_OUTPUT_NONE = 1, - ANALOG_OUTPUT_SUPPORTED = 2, - ANALOG_OUTPUT_SUPPORTS_CGMS_A = 3, -}; - -/* - * Defines the type wrapper for wvpl request. - */ -struct WvPLRequestType { - WvPLRequestType() { - message_type_ = UNKNOWN; - license_type_ = STREAMING; - license_request_type_ = REQUEST_TYPE_UNSPECIFIED; - } - - void set_message_type(MessageType message_type) { - message_type_ = message_type; - } - MessageType message_type() const { return message_type_; } - - void set_license_type(LicenseType license_type) { - license_type_ = license_type; - } - LicenseType license_type() const { return license_type_; } - - void set_license_request_type(LicenseRequestType license_request_type) { - license_request_type_ = license_request_type; - } - LicenseRequestType license_request_type() const { - return license_request_type_; - } - - // Type of the message, default value is UNKNOWN. - MessageType message_type_; - // Type of the license, default value is Streaming. - LicenseType license_type_; - // Type of the license request, default value is REQUEST_TYPE_UNSPECIFIED. - LicenseRequestType license_request_type_; -}; - -struct WvPLPlaybackPolicy { - WvPLPlaybackPolicy() { - license_duration_seconds_ = 0; - playback_duration_seconds_ = 0; - renewal_interval_seconds_ = 0; - renewal_recovery_duration_seconds_ = 0; - renewal_retry_interval_seconds_ = 0; - can_play_ = true; - can_renew_ = false; - can_persist_ = false; - } - - void set_license_duration_seconds(uint32_t duration) { - license_duration_seconds_ = duration; - } - uint32_t license_duration_seconds() const { return license_duration_seconds_; } - void set_playback_duration_seconds(uint32_t duration) { - playback_duration_seconds_ = duration; - } - uint32_t playback_duration_seconds() const { - return playback_duration_seconds_; - } - void set_renewal_interval_seconds(uint32_t duration) { - renewal_interval_seconds_ = duration; - } - uint32_t renewal_interval_seconds() const { return renewal_interval_seconds_; } - void set_renewal_recovery_duration_seconds(int64_t dur) { - renewal_recovery_duration_seconds_ = dur; - } - int64_t renewal_recovery_duration_seconds() const { - return renewal_recovery_duration_seconds_; - } - void set_renewal_retry_interval_seconds(int64_t retry_interval) { - renewal_retry_interval_seconds_ = retry_interval; - } - int64_t renewal_retry_interval_seconds() const { - return renewal_retry_interval_seconds_; - } - void set_renew_with_usage(bool usage_flag) { renew_with_usage_ = usage_flag; } - bool renew_with_usage() const { return renew_with_usage_; } - void set_renewal_url(const std::string& url) { renewal_url_ = url; } - const std::string& renewal_url() const { return renewal_url_; } - void set_can_play(bool play_flag) { can_play_ = play_flag; } - bool can_play() const { return can_play_; } - void set_can_persist(bool persist_flag) { can_persist_ = persist_flag; } - bool can_persist() const { return can_persist_; } - void set_can_renew(bool renew_flag) { can_renew_ = renew_flag; } - bool can_renew() const { return can_renew_; } - - // The license window. Once a license is granted, the number of seconds to use - // this license. Default is 0, indicating unlimited license. - uint32_t license_duration_seconds_; - - // The playback window. Once initial playback starts, the number of seconds - // to use the license. Default is 0, indicating unlimited but not to exceed - // the license_duration_window. - uint32_t playback_duration_seconds_; - - // How many seconds after license_start_time, before renewal is first - // attempted. - uint32_t renewal_interval_seconds_; - - // The window of time, in which playback is allowed to continue while - // renewal is attempted, yet unsuccessful due to backend problems with - // the license server. - int64_t renewal_recovery_duration_seconds_; - - // Specifies the delay in seconds between subsequent license - // renewal requests, in case of failure. - int64_t renewal_retry_interval_seconds_; - - // Indicates that the license shall be sent for renewal when usage is - // started. - bool renew_with_usage_; - - // Renewal requests are sent to this URL. - std::string renewal_url_; - - // Indicates that playback of ths content is allowed. - bool can_play_; - - // Indicates that the license may be persisted to non-volatile storage for - // offline use. - bool can_persist_; - - // Indicates that renewal of this license is allowed. - bool can_renew_; -}; - -/** - * LicenseIdentification is propagated from LicenseRequest to License, - * incrementing version with each iteration. - * */ -struct LicenseIdentification { - LicenseIdentification() { - version_ = 0; - type_ = STREAMING; - } - - // |request_id| must be specified in bytes. - void set_request_id(const std::string& request_id) { - request_id_ = request_id; - } - - const std::string& request_id() { return request_id_; } - - // |session_id| must be specified in bytes. - void set_session_id(const std::string& session_id) { - session_id_ = session_id; - } - - const std::string& session_id() { return session_id_; } - - // |purchase_id| must be specified in bytes. - void set_purchase_id(const std::string& purchase_id) { - purchase_id_ = purchase_id; - } - - const std::string& purchase_id() { return purchase_id_; } - - void set_type(LicenseType type) { type_ = type; } - - LicenseType type() { return type_; } - - uint32_t version() { return version_; } - - void set_version(uint32_t version) { version_ = version; } - - // |provider_session_token| must be specified in bytes. - void set_provider_session_token(const std::string& provider_session_token) { - provider_session_token_ = provider_session_token; - } - - const std::string& provider_session_token() { - return provider_session_token_; - } - - // License request id. - std::string request_id_; // NOLINT - // Session identifier for license request. - std::string session_id_; // NOLINT - // Session token for the session. This token is for use by the license - // provider, and is akin to a session cookie. It will be copied to - // LicenseIdentfication::provider_session_token, and sent back in all - std::string provider_session_token_; // NOLINT - // Purchase identifier. - std::string purchase_id_; // NOLINT - // Type of the license, default value is Streaming. - LicenseType type_; // NOLINT - // Version of license request. - uint32_t version_; // NOLINT -}; - -/** - * This message is used by the server to preserve and restore session state. - * */ -struct WvPLSessionState { - WvPLSessionState() { - keybox_system_id_ = 0; - license_counter_ = 0; - } - - void set_license_id(const LicenseIdentification& license_id) { - license_id_ = license_id; - } - - const LicenseIdentification& license_id() const { return license_id_; } - - LicenseIdentification* mutable_license_id() { return &license_id_; } - - const std::string& signing_key() const { return signing_key_; } - - // |signing_key| must be specified in bytes. - void set_signing_key(const std::string& signing_key) { - signing_key_ = signing_key; - } - - uint32_t keybox_system_id() const { return keybox_system_id_; } - - void set_keybox_system_id(uint32_t keybox_system_id) { - keybox_system_id_ = keybox_system_id; - } - - uint32_t license_counter() const { return license_counter_; } - - void set_license_counter(uint32_t license_counter) { - license_counter_ = license_counter; - } - - const std::string& provider_client_token() const { - return provider_client_token_; - } - - // |provider_client_token| must be specified in bytes. - void set_provider_client_token(const std::string& provider_client_token) { - provider_client_token_ = provider_client_token; - } - - // License information propagated from license request to the license. - LicenseIdentification license_id_; // NOLINT - // Provider client token sent back in the license. - std::string provider_client_token_; // NOLINT - // Signing_key should be 512 bits in length to be split into two - // (server || client) HMAC-SHA256 keys. - std::string signing_key_; // NOLINT - // System_id in keybox. - uint32_t keybox_system_id_; // NOLINT - // License counter associated with the |provider_client_token|. - uint32_t license_counter_; // NOLINT -}; - -struct WvPLVideoResolutionConstraint { - WvPLVideoResolutionConstraint() { - min_resolution_pixels_ = 0; - max_resolution_pixels_ = 0; - hdcp_ = HDCP_NONE; - } - - void set_min_resolution_pixels(uint32_t pixels) { - min_resolution_pixels_ = pixels; - } - - void set_max_resolution_pixels(uint32_t pixels) { - max_resolution_pixels_ = pixels; - } - - void set_hdcp(HDCP hdcp_value) { hdcp_ = hdcp_value; } - - HDCP hdcp() const { return hdcp_; } - - uint32_t min_resolution_pixels() const { return min_resolution_pixels_; } - - uint32_t max_resolution_pixels() const { return max_resolution_pixels_; } - - // Minimum and maximum video resolutions in the range (height x width). - uint32_t min_resolution_pixels_; - uint32_t max_resolution_pixels_; - // Optional output protection requirements for this range. If not - // specified, the output protection in WvPLKey applies. - HDCP hdcp_; -}; - -struct WvPLOutputProtection { - WvPLOutputProtection() { - hdcp_ = HDCP_NONE; - hdcp_srm_rule_ = HDCP_SRM_RULE_NONE; - secure_data_path_ = false; - security_level_ = SECURITY_LEVEL_UNDEFINED; - disable_analog_output_ = false; - disable_digital_output_ = false; - cgms_ = CGMS_NONE; - } - - void set_hdcp(HDCP hdcp_value) { hdcp_ = hdcp_value; } - - HDCP hdcp() const { return hdcp_; } - - // Setting true indicates security_level is HW_SECURE_ALL, otherwise the - // default is false which maps to security_level of SW_SECURE_CRYPTO. This - // value is ignored if security_level is set directly. - void set_secure_data_path(bool secure_flag) { - secure_data_path_ = secure_flag; - } - - bool secure_data_path() const { return secure_data_path_; } - - // Setting security_level directly takes precedence over setting the - // |secure_data_path|. For most applications, there is no need to set the - // security_level directly. Using |secure_data_path| is sufficient. - void set_security_level(SecurityLevel level) { security_level_ = level; } - - SecurityLevel security_level() const { return security_level_; } - - // Set to true to disable analog output. - void set_disable_analog_output(bool flag) { disable_analog_output_ = flag; } - - bool disable_analog_output() const { return disable_analog_output_; } - - // Set to true to disable digital output. - void set_disable_digital_output(bool flag) { disable_digital_output_ = flag; } - - bool disable_digital_output() const { return disable_digital_output_; } - - // CGMS-A setting - void set_cgms(CGMS cgms_value) { cgms_ = cgms_value; } - - CGMS cgms() const { return cgms_; } - - void set_hdcp_srm_rule(HdcpSrmRule hdcp_srm_rule) { - hdcp_srm_rule_ = hdcp_srm_rule; - } - - HdcpSrmRule hdcp_srm_rule() const { return hdcp_srm_rule_; } - - // Indicates whether HDCP is required on digital outputs. Default is None. - HDCP hdcp_; - - HdcpSrmRule hdcp_srm_rule_; - - // Crypto operations and handling of the media must be performed within a - // hardware backed trusted environment. Default is false. - bool secure_data_path_; - - // Security level robustness defined by Widevine. Default is UNDEFINED in - // which case secure_data_path_ is used. If secure_data_path_ is false, - // security_level_ is set to SW_SECURE_CRYPTO. If secure_data_path_ is - // true, security_level_ is set to HW_SECURE_ALL; - SecurityLevel security_level_; - - // Set to disable analog output. - bool disable_analog_output_; - - // Set to disable digital output. - bool disable_digital_output_; - - // CGMS-A analog output. - CGMS cgms_; -}; - -struct WvPLKey { - WvPLKey() {} - - // |key_id| must be specified in bytes. - void set_key_id(const std::string& key_id) { key_id_ = key_id; } - - const std::string& key_id() const { return key_id_; } - - // |key_bytes| must be specified in bytes. - void set_key_bytes(const std::string& key_bytes) { key_bytes_ = key_bytes; } - - const std::string& key_bytes() const { return key_bytes_; } - - void set_output_protection(const WvPLOutputProtection& out_prot) { - output_protection_ = out_prot; - } - - void set_requested_output_protection(const WvPLOutputProtection& out_prot) { - requested_output_protection_ = out_prot; - } - - const WvPLOutputProtection& output_protection() const { - return output_protection_; - } - - const WvPLOutputProtection& requested_output_protection() const { - return requested_output_protection_; - } - - WvPLOutputProtection* mutable_output_protection() { - return &output_protection_; - } - - WvPLOutputProtection* mutable_requested_output_protection() { - return &requested_output_protection_; - } - - const std::vector - video_resolution_constraints() const { - return video_resolution_constraints_; - } - - void AddVideoResolutionConstraint( - const WvPLVideoResolutionConstraint& constraint) { - video_resolution_constraints_.push_back(constraint); - } - - void set_track_type(const TrackType track_type) { track_type_ = track_type; } - - TrackType track_type() const { return track_type_; } - - void set_key_type(const KeyType key_type) { key_type_ = key_type; } - - KeyType key_type() const { return key_type_; } - - std::string key_id_; - std::string key_bytes_; - WvPLOutputProtection output_protection_; - WvPLOutputProtection requested_output_protection_; - // If the video resolution of the content being decrypted/decoded falls - // within one of the specified ranges, the optional output protections may - // be applied. - std::vector video_resolution_constraints_; - TrackType track_type_ = TRACK_TYPE_UNSPECIFIED; - KeyType key_type_ = CONTENT; -}; - -struct WvPLDeviceInfo { - WvPLDeviceInfo() { - security_level_ = DEVICE_LEVEL_UNSPECIFIED; - system_id_ = 0; - test_device_ = false; - } - void set_system_id(uint32_t system_id) { system_id_ = system_id; } - uint32_t system_id() const { return system_id_; } - void set_soc(const std::string& soc) { soc_ = soc; } - const std::string& soc() const { return soc_; } - - void set_manufacturer(const std::string& manufacturer) { - manufacturer_ = manufacturer; - } - const std::string& manufacturer() const { return manufacturer_; } - - void set_model(const std::string& model) { model_ = model; } - const std::string& model() const { return model_; } - - void set_device_type(const std::string& device_type) { - device_type_ = device_type; - } - const std::string& device_type() const { return device_type_; } - - void set_security_level(DeviceSecurityLevel level) { - security_level_ = level; - } - DeviceSecurityLevel security_level() const { return security_level_; } - - void set_test_device(bool test_device) { test_device_ = test_device; } - bool test_device() const { return test_device_; } - - void set_drm_certificate_serial_number( - const std::string& drm_certificate_serial_number) { - drm_certificate_serial_number_ = drm_certificate_serial_number; - } - const std::string& drm_certificate_serial_number() const { - return drm_certificate_serial_number_; - } - - void set_service_id(const std::string& service_id) { - service_id_ = service_id; - } - const std::string& service_id() const { return service_id_; } - - // Widevine system ID for this device family. - uint32_t system_id_; - // Name of system-on-a-chip. - std::string soc_; - // Name of manufacturer. - std::string manufacturer_; - // Manufacturer's model name. - std::string model_; - // Type of device (Phone, Tablet, TV, etc). - std::string device_type_; - // Widevine-defined security level. - DeviceSecurityLevel security_level_; - // True if the certificate corresponds to a test (non production) device. - bool test_device_; - // 128-bit globally unique serial number of certificate. - std::string drm_certificate_serial_number_; - // Service identifier (web origin) for the provider which owns the - // certificate. - std::string service_id_; -}; - -// This message is used to hold usage data for each Widevine system Id. -struct WvPLLicenseStatusCounterData { - // Initialize members - WvPLLicenseStatusCounterData() : license_status_(0), status_count_(0) {} - uint32_t license_status_; - // Count of occurences of the above status; - uint32_t status_count_; -}; - -// This message is used to hold usage data for each device model. -struct WvPLDeviceModelCounterData { - std::string device_model_; - // Key is each status we returned associated with the above model; - std::map status_map_; -}; - -// This message is used to hold usage data for each device make. -struct WvPLDeviceMakeCounterData { - std::string device_make_; - // Key is each model associated with this device make. - std::map model_map_; -}; - -// This message is used to hold usage data for each Widevine system Id. -struct WvPLSystemIdCounterData { - // Initialize members - WvPLSystemIdCounterData() : system_id_(0) {} - uint32_t system_id_; - // Key is each make we handled associated with the above system Id. - std::map make_map_; -}; - -// This top level message contains aggregated usage data for license requests. -struct WvPLCounterData { - // Initialize members - WvPLCounterData() : start_time_utc_(0), end_time_utc_(0) {} - // Time of the first license in this structure, represented as seconds since - // Unix epoch. - time_t start_time_utc_; - // Time of the last license in this structure, represented as seconds since - // Unix epoch. - time_t end_time_utc_; - // Key is each system Id we handled. - std::map system_id_map_; -}; - -struct WvPLSessionInit { - WvPLSessionInit() - : license_start_time_(0), override_provider_client_token_(false) {} - // Accessors - void set_session_id(const std::string& session_id) { - session_id_ = session_id; - } - std::string session_id() const { return session_id_; } - - void set_purchase_id(const std::string& purchase_id) { - purchase_id_ = purchase_id; - } - std::string purchase_id() const { return purchase_id_; } - - void set_master_signing_key(const std::string& master_signing_key) { - master_signing_key_ = master_signing_key; - } - std::string master_signing_key() const { return master_signing_key_; } - - void set_license_start_time(const int64_t license_start_time) { - license_start_time_ = license_start_time; - } - int64_t license_start_time() const { return license_start_time_; } - - void set_provider_client_token(const std::string& provider_client_token) { - provider_client_token_ = provider_client_token; - } - std::string provider_client_token() const { return provider_client_token_; } - - void set_provider_session_token(const std::string& provider_session_token) { - provider_session_token_ = provider_session_token; - } - std::string provider_session_token() const { return provider_session_token_; } - - void set_override_provider_client_token(bool override_provider_client_token) { - override_provider_client_token_ = override_provider_client_token; - } - bool override_provider_client_token() const { - return override_provider_client_token_; - } - - // Identifier for the session. - std::string session_id_; - // Identifier for the purchased content. - std::string purchase_id_; - // Master signing key should be 128 bits in length. - std::string master_signing_key_; - // signing_key should be 512 bits in length to be split into two - // (server || client) HMAC-SHA256 keys. - std::string signing_key_; - // The reference time in UTC as calculated by the client clock. - int64_t license_start_time_; - // Client token for the session. - std::string provider_client_token_; - // Session token for the session. - std::string provider_session_token_; - // If false and the license request contains a |provider_client_token_|, - // use the token from that request even if |provider_client_token_| is - // specified. - // If true and the license request contains a |provider_client_token_|, - // use |provider_client_token_|. - bool override_provider_client_token_; -}; - -struct WvPLClientCapabilities { - WvPLClientCapabilities() {} - - // Accessors - void set_client_token(bool client_token) { client_token_ = client_token; } - - bool client_token() const { return client_token_; } - - void set_session_token(bool session_token) { session_token_ = session_token; } - - bool session_token() const { return session_token_; } - - void set_video_resolution_constraints(bool video_resolution_constraints) { - video_resolution_constraints_ = video_resolution_constraints; - } - - bool video_resolution_constraints() const { - return video_resolution_constraints_; - } - - void set_max_hdcp_version(HDCP max_hdcp_version) { - max_hdcp_version_ = max_hdcp_version; - } - - HDCP max_hdcp_version() const { return max_hdcp_version_; } - - void set_oem_crypto_api_version(uint32_t oem_crypto_api_version) { - oem_crypto_api_version_ = oem_crypto_api_version; - } - - uint32_t oem_crypto_api_version() const { return oem_crypto_api_version_; } - - void set_anti_rollback_usage_table(bool anti_rollback_usage_table) { - anti_rollback_usage_table_ = anti_rollback_usage_table; - } - - bool anti_rollback_usage_table() const { return anti_rollback_usage_table_; } - - void set_srm_version(uint32_t srm_version) { srm_version_ = srm_version; } - - uint32_t srm_version() const { return srm_version_; } - - void set_can_update_srm(bool can_update_srm) { - can_update_srm_ = can_update_srm; - } - - bool can_update_srm() const { return can_update_srm_; } - - void add_supported_certificate_key_type(const CertificateKeyType key_type) { - supported_certificate_key_type_.push_back(key_type); - } - const std::list supported_certificate_key_type() const { - return supported_certificate_key_type_; - } - - void set_analog_output_capabilities( - const AnalogOutputCapabilities analog_output_capabilities) { - analog_output_capabilities_ = analog_output_capabilities; - } - - const AnalogOutputCapabilities analog_output_capabilities() const { - return analog_output_capabilities_; - } - - void set_can_disable_analog_output(bool can_disable_analog_output) { - can_disable_analog_output_ = can_disable_analog_output; - } - - bool can_disable_analog_output() const { return can_disable_analog_output_; } - - // Member variables - // Client token generated by the content provider. - bool client_token_ = false; - // A token associated with the client session. - bool session_token_ = false; - // Video resolution constraints. If the video resolution of the - // content being decrypted/decoded falls within one of the specified ranges, - // the required_protections may be applied. Otherwise an error will be - // reported. - // NOTE: Use of this feature is not recommended, as it is only supported on - // a small number of platforms. - bool video_resolution_constraints_ = false; - // The max "High-bandwidth Digital Content Protection" (HDCP) version - // supported by the client. - HDCP max_hdcp_version_ = HDCP_NONE; - // The OEM Crypto API version supported by the client. - uint32_t oem_crypto_api_version_; - // Flag to indicate the key must only be used if the client - // supports anti rollback of the user table. Content provider can query the - // client capabilities to determine if the client support this feature. - bool anti_rollback_usage_table_ = false; - // The client shall report |srm_version| if available. - uint32_t srm_version_; - // A device may have SRM data, and report a version, but may not be capable - // of updating SRM data. - bool can_update_srm_ = false; - // A list of CertificateKeyTypes. - std::list supported_certificate_key_type_; - // Analog capabilities of the device. - AnalogOutputCapabilities analog_output_capabilities_ = ANALOG_OUTPUT_UNKNOWN; - // Indicates if the device can disable it's analog output. - bool can_disable_analog_output_ = false; -}; - -/** - * Represents the Client Identification information. In the License Proxy - * SDK, this structure is populated as a result of parsing the license - * request from the CDM. This struct is used by Proxy SDK. - */ -struct WvPLClientInfo { - WvPLClientInfo() - : max_hdcp_version_(HDCP_NONE), - oem_crypto_api_version_(0), - analog_output_capabilities_(ANALOG_OUTPUT_UNKNOWN), - can_disable_analog_output_(false) {} - - // Accessors - void set_max_hdcp_version(HDCP max_hdcp_version) { - max_hdcp_version_ = max_hdcp_version; - } - HDCP max_hdcp_version() const { return max_hdcp_version_; } - - void set_oem_crypto_api_version(uint32_t oem_crypto_api_version) { - oem_crypto_api_version_ = oem_crypto_api_version; - } - uint32_t oem_crypto_api_version() const { return oem_crypto_api_version_; } - - void set_provider_client_token(const std::string& provider_client_token) { - provider_client_token_ = provider_client_token; - } - const std::string& provider_client_token() const { - return provider_client_token_; - } - - void set_cdm_version(const std::string& cdm_version) { - cdm_version_ = cdm_version; - } - const std::string& cdm_version() const { return cdm_version_; } - - void set_name_value(const std::string& name, const std::string& value) { - names_values_.insert(std::make_pair(name, value)); - } - const std::map& names_values() { - return names_values_; - } - void set_analog_output_capabilities(AnalogOutputCapabilities capability) { - analog_output_capabilities_ = capability; - } - const AnalogOutputCapabilities analog_output_capabilities() const { - return analog_output_capabilities_; - } - void set_can_disable_analog_output(bool can_disable) { - can_disable_analog_output_ = can_disable; - } - bool can_disable_analog_output() const { return can_disable_analog_output_; } - - const WvPLClientCapabilities client_capabilities() const { - return client_capabilities_; - } - - void set_client_capabilities( - const WvPLClientCapabilities& client_capabilities) { - client_capabilities_ = client_capabilities; - } - - // Member variables - // The max "High-bandwidth Digital Content Protection" (HDCP) version - // supported by the device. - HDCP max_hdcp_version_; - // The OEM Crypto API version supported by the client. - uint32_t oem_crypto_api_version_; - // The client CDM version. - std::string cdm_version_; - // The client token generated by the content provider. - std::string provider_client_token_; - // Map of other fields specified as name-value pairs representing the - // client. - std::map names_values_; - // Analog capabilities of the device. - AnalogOutputCapabilities analog_output_capabilities_; - // Indicates if the device can disable it's analog output. - bool can_disable_analog_output_; - // Capabilities which not all clients may support. Used for the license - // exchange protocol only. - WvPLClientCapabilities client_capabilities_; -}; - -struct WvPLEntitledKey { - WvPLEntitledKey() {} - // Accessors. - void set_entitlement_key_id(const std::string& entitlement_key_id) { - entitlement_key_id_ = entitlement_key_id; - } - const std::string& entitlement_key_id() const { return entitlement_key_id_; } - - void set_key_id(const std::string& key_id) { key_id_ = key_id; } - const std::string& key_id() const { return key_id_; } - - void set_key_bytes(const std::string& key_bytes) { key_bytes_ = key_bytes; } - const std::string& key_bytes() const { return key_bytes_; } - - void set_entitlement_key_iv(const std::string& entitlement_key_iv) { - entitlement_key_iv_ = entitlement_key_iv; - } - const std::string& entitlement_key_iv() const { return entitlement_key_iv_; } - - void set_entitlement_key_size_bytes(uint32_t entitlement_key_size_bytes) { - entitlement_key_size_bytes_ = entitlement_key_size_bytes; - } - uint32_t entitlement_key_size_bytes() const { - return entitlement_key_size_bytes_; - } - - // Member variables. - // ID of entitlement key used for wrapping |key|. - std::string entitlement_key_id_; - // ID of the entitled key. - std::string key_id_; - // Wrapped key. - std::string key_bytes_; - // IV used for wrapping |key|. - std::string entitlement_key_iv_; - // Size of entitlement key used for wrapping |key|. - uint32_t entitlement_key_size_bytes_ = 32; -}; - -/* - * Defines the 'pssh' box for Common Encryption (CENC). - */ -struct WvPLWidevinePsshData { - WvPLWidevinePsshData() {} - - // Accessors - void set_content_id(const std::string& content_id) { - content_id_ = content_id; - } - const std::string content_id() const { return content_id_; } - - void set_key_id(const std::string& key_id) { key_ids_.push_back(key_id); } - const std::list& key_ids() const { return key_ids_; } - - void add_entitled_key(const WvPLEntitledKey& entitled_key) { - entitled_keys_.push_back(entitled_key); - } - const std::list& entitled_keys() const { - return entitled_keys_; - } - - void set_video_feature(const std::string& video_feature) { - video_feature_ = video_feature; - } - const std::string video_feature() const { return video_feature_; } - - // Member variables - // A list of key identifiers, for entitlement keys or content keys. - std::list key_ids_; - // The content identifier. - std::string content_id_; - // A list of wrapped keys. - std::list entitled_keys_; - // Video feature identifier. - std::string video_feature_; -}; - -struct WvPLCasKey { - WvPLCasKey() {} - - void set_odd_key_id(const std::string& odd_key_id) { - odd_key_id_ = odd_key_id; - } - - const std::string& odd_key_id() const { return odd_key_id_; } - - void set_odd_key_bytes(const std::string& odd_key_bytes) { - odd_key_bytes_ = odd_key_bytes; - } - - const std::string& odd_key_bytes() const { return odd_key_bytes_; } - - void set_even_key_id(const std::string& even_key_id) { - even_key_id_ = even_key_id; - } - - const std::string& even_key_id() const { return even_key_id_; } - - void set_even_key_bytes(const std::string& even_key_bytes) { - even_key_bytes_ = even_key_bytes; - } - - const std::string& even_key_bytes() const { return even_key_bytes_; } - - void set_track_type(const TrackType track_type) { track_type_ = track_type; } - - TrackType track_type() const { return track_type_; } - - void set_output_protection(const WvPLOutputProtection& output_protection) { - output_protection_ = output_protection; - } - - void set_requested_output_protection( - const WvPLOutputProtection& output_protection) { - requested_output_protection_ = output_protection; - } - - const WvPLOutputProtection& output_protection() const { - return output_protection_; - } - - const WvPLOutputProtection& requested_output_protection() const { - return requested_output_protection_; - } - - WvPLOutputProtection* mutable_output_protection() { - return &output_protection_; - } - - WvPLOutputProtection* mutable_requested_output_protection() { - return &requested_output_protection_; - } - - void set_key_type(const KeyType key_type) { key_type_ = key_type; } - - KeyType key_type() const { return key_type_; } - - // 'Odd' Key slot identifier. - std::string odd_key_id_; - // 'Odd' Key slot. - std::string odd_key_bytes_; - // 'Even' Key slot identifier. - std::string even_key_id_; - // 'Even' Key slot. - std::string even_key_bytes_; - // track type. - TrackType track_type_ = TRACK_TYPE_UNSPECIFIED; - // Required output protection. - WvPLOutputProtection output_protection_; - // Requested output protection. - WvPLOutputProtection requested_output_protection_; - // Key type from the KeyType enumeration. - KeyType key_type_ = ENTITLEMENT; -}; - -} // namespace wv_pl_sdk -} // namespace widevine_server - -#endif // SDK_EXTERNAL_COMMON_WVPL_WVPL_TYPES_H_ diff --git a/ubuntu/media_cas_proxy_sdk-bin.tar b/ubuntu/media_cas_proxy_sdk-bin.tar new file mode 100644 index 0000000..7417595 Binary files /dev/null and b/ubuntu/media_cas_proxy_sdk-bin.tar differ diff --git a/util/error_space.h b/util/error_space.h deleted file mode 100644 index 2e66a39..0000000 --- a/util/error_space.h +++ /dev/null @@ -1,83 +0,0 @@ -//////////////////////////////////////////////////////////////////////////////// -// Copyright 2017 Google LLC. -// -// This software is licensed under the terms defined in the Widevine Master -// License Agreement. For a copy of this agreement, please contact -// widevine-licensing@google.com. -//////////////////////////////////////////////////////////////////////////////// - -#ifndef UTIL_ERROR_SPACE_H_ -#define UTIL_ERROR_SPACE_H_ - -#include - -namespace widevine { -namespace util { - -class ErrorSpace { - public: - std::string SpaceName() const { return space_name_func_(this); } - std::string String(int code) const { return code_to_string_func_(this, code); } - - protected: - // typedef instead of using statements for SWIG compatibility. - typedef std::string (*SpaceNameFunc)(const ErrorSpace* space); - typedef std::string (*CodeToStringFunc)(const ErrorSpace* space, int code); - constexpr ErrorSpace(SpaceNameFunc space_name_func, - CodeToStringFunc code_to_string_func) - : space_name_func_(space_name_func), - code_to_string_func_(code_to_string_func) {} - - private: - const SpaceNameFunc space_name_func_; - const CodeToStringFunc code_to_string_func_; -}; - -// Manages creation of error space subclasses. -template -class ErrorSpaceImpl : public ErrorSpace { - public: - constexpr ErrorSpaceImpl() - : ErrorSpace(&ErrorSpaceImpl::SpaceNameImpl, - &ErrorSpaceImpl::CodeToStringImpl) {} - - // Returns the canonical instance of the `T` error space. - static constexpr const T* Get(); - - private: - // These functions adapt the stateful implementation that takes a space - // pointer to stateless static methods, so that clients of ErrorSpaceImpl are - // safe to have constexpr global instances. - static std::string SpaceNameImpl(const ErrorSpace* /*space*/) { - return T::space_name(); - } - - static std::string CodeToStringImpl(const ErrorSpace* /*space*/, int code) { - return T::code_to_string(code); - } -}; - -namespace internal { - -// Provides a global constexpr instance of the error space `T`. -// We need the indirection because ErrorSpaceImpl can't declare constexpr -// instances of T since it is not yet fully declared. -template -struct ErrorSpaceInstance { - static constexpr T value = {}; -}; - -template -constexpr T ErrorSpaceInstance::value; - -} // namespace internal - -template -constexpr const T* ErrorSpaceImpl::Get() { - return &internal::ErrorSpaceInstance::value; -} - -} // namespace util -} // namespace widevine - -#endif // UTIL_ERROR_SPACE_H_