Media CAS Proxy SDK release: 16.5.0

ubuntu/protos/public/device_certificate_status.proto

@@ -0,0 +1,106 @@
+// Copyright 2017 Google LLC. All rights reserved.
+//
+// Author: tinskip@google.com (Thomas Inskip)
+//
+// Description:
+//   Device certificate status list object definitions.
+
+syntax = "proto2";
+
+package video_widevine;
+
+import "protos/public/hash_algorithm.proto";
+import "protos/public/provisioned_device_info.proto";
+
+option java_outer_classname = "DeviceCertificateStatusProtos";
+option java_package = "com.google.video.widevine.protos";
+
+// Contains DRM and OEM certificate status and device information for a
+// specific system ID.
+// TODO(tinskip): Move this to its own file.
+message DeviceCertificateStatus {
+  enum DeprecatedStatus {
+    DEPRECATED_VALID = 0;
+    DEPRECATED_REVOKED = 1;
+  }
+  enum Status {
+    STATUS_UNKNOWN = 0;
+    STATUS_IN_TESTING = 10;  // Pre-release, active device.
+    STATUS_RELEASED = 20;    // Released, active device.
+    STATUS_TEST_ONLY = 30;   // Development-only device.
+    STATUS_REVOKED = 40;     // Revoked device.
+  }
+
+  message RevokedIdentifiers {
+    // Contains a sorted list of DRM serial numbers that are revoked.
+    repeated bytes revoked_certificate_serial_numbers = 1;
+    // Contains a sorted list of revoked_unique_id_hashes that are revoked.
+    // These identifiers are hash values of the root of trust identifier.
+    // For a keybox, hash = SHA256(KeyboxUniqueID || SecretSauce) where
+    // SecretSauce is a Widevine owned secret. For Provisioning 3.0, hash =
+    // SHA256(X509SerialNumber|| SecretSauce) where SecretSauce is a Widevine
+    // owned secret.
+    repeated bytes revoked_unique_id_hashes = 2;
+  }
+
+  // Serial number of the intermediate DrmCertificate to which this
+  // message refers. Required.
+  optional bytes drm_serial_number = 1;
+  // Status of the certificate. Optional & deprecated in favor of |status|
+  // below.
+  optional DeprecatedStatus deprecated_status = 2 [default = DEPRECATED_VALID];
+  // Device model information about the device to which the intermediate
+  // certificate(s) correspond.
+  optional ProvisionedDeviceInfo device_info = 4;
+  // Serial number of the OEM X.509 intermediate certificate for this type
+  // of device. Present only if the device is OEM-provisioned.
+  optional bytes oem_serial_number = 5;
+  // Status of the device. Optional.
+  optional Status status = 6 [default = STATUS_UNKNOWN];
+
+  // RevokedIdentifiers collect all the serial_numbers or unique_id_hashes used
+  // for individual drm certificate revocation.
+  optional RevokedIdentifiers revoked_identifiers = 7;
+
+  // Vulnerability levels as defined by NIST national vulnerability database.
+  // https://nvd.nist.gov/vuln-metrics/cvss
+  enum DeviceVulnerabilityLevel {
+    DEVICE_VULNERABILITY_LEVEL_UNSPECIFIED = 0;
+    DEVICE_VULNERABILITY_LEVEL_NONE = 1;
+    DEVICE_VULNERABILITY_LEVEL_LOW = 2;
+    DEVICE_VULNERABILITY_LEVEL_MEDIUM = 3;
+    DEVICE_VULNERABILITY_LEVEL_HIGH = 4;
+    DEVICE_VULNERABILITY_LEVEL_CRITICAL = 5;
+  }
+  // Specifies the device vulnerability level.
+  optional DeviceVulnerabilityLevel device_vulnerability_level = 8;
+}
+
+// List of DeviceCertificateStatus. Used to propagate certificate revocation
+// status and device information.
+message DeviceCertificateStatusList {
+  // POSIX time, in seconds, when the list was created. Required.
+  optional uint32 creation_time_seconds = 1;
+  // DeviceCertificateStatus for each system ID.
+  repeated DeviceCertificateStatus certificate_status = 2;
+}
+
+// List of DeviceCertificateStatus. Used to propagate certificate revocation
+// status and device information. (Used in published devices library)
+message PublishedDevicesList {
+  // POSIX time, in seconds, when the list was created. Required.
+  optional uint32 creation_time_seconds = 1;
+  // DeviceCertificateStatus for each system ID.
+  repeated DeviceCertificateStatus device_certificate_status = 2;
+}
+
+// Signed CertificateStatusList
+message SignedDeviceCertificateStatusList {
+  // Serialized DeviceCertificateStatusList. Required.
+  optional bytes certificate_status_list = 1;
+  // Signature of certificate_status_list. Signed with root certificate private
+  // key using RSASSA-PSS. Required.
+  optional bytes signature = 2;
+  // Optional field that indicates the hash algorithm used in signature scheme.
+  optional HashAlgorithmProto hash_algorithm = 3;
+}