// Copyright 2020 Google LLC. All rights reserved.
//
// This file contains device-related definitions that are common to both the
// legacy device management service and the new devices service. Eventually,
// we may merge the contents of this file into other files.

syntax = "proto3";

package video_widevine;

option java_package = "com.google.video.widevine.protos";

// Allows additional make/models to be associated with a system_id.
message DeviceModel {
  // ModelStatus is used to specify how confident we are that this
  // make/model/year combination is allowed by the device manufacturer.
  // VERIFIED indicates that the manufacturer confirmed that it is correct.
  // UNVERIFIED means that we have sufficient data to believe it is correct,
  //            but the manufacturer has not confirmed.
  // UNKNOWN indicates that we do not have sufficient information to indicate
  //         whether or not the device is allowed by the manufacturer.
  // REJECTED indicates that the manufacturer explicitly disallowed the use
  //          of the make/model/year combination.
  enum ModelStatus {
    MODEL_STATUS_UNSPECIFIED = 0;
    MODEL_STATUS_VERIFIED = 1;
    MODEL_STATUS_UNVERIFIED = 2;
    MODEL_STATUS_UNKNOWN = 4;
    MODEL_STATUS_REJECTED = 3;
  }
  // Represents the device manufacturer. Typically, this will be Philips, LG,
  // Sharp, etc.
  string manufacturer = 1;
  //  Model of the device.
  string model_name = 2;
  // The expected release year of the make/model combination. Optional.
  uint32 model_year = 3;
  // The model status of this make and model.
  ModelStatus status = 4;
}

// DeviceState defines the current state of the device. It is used in
// licensing to determine if a (classic or MDRM/CENC) license should be
// issued. The status affects if and how a device record is shown in
// keysmith's CertificateStatusList.
//
// States:
//   DEVICE_STATE_UNKNOWN: This should not be used.
//       It only indicates that a state has not been set.
//   IN_TESTING: The first valid state of a device record. A newly created
//       device should be in this state until the device is considered
//       "released". In this state a device should only be supported on test
//       services (e.g. UAT license service).
//   PRE_RELEASE: The state of a device when it's ready to be used with
//       production services. In this state a device can receive production
//       classic and MDRM/CENC licenses. The device will also be listed in
//       keysmith's certificate status list.  The device data will be
//       available for sharing with internal partners only.
//   RELEASED: Indicates that the device is available on the store shelves.
//       The device data will be available for sharing with external partners.
//   DELETED: Indicates that the device was manually disabled and should
//       not be used for any test or production services. The device should
//       not appear in the device certificate status list. Customers will
//       not be able to see or utilize this state when managing their devices.
//   TEST_ONLY: Indicates that this device was never intended for production
//       but can be used for test purposes. The device will be listed in the
//       certificate status list as a test device.
//   REVOKED: Indicates that the device was revoked. No test or production
//       service should honor requests (classic nor MDRM/CENC) from one of
//       these devices. The device serial number and its REVOKED status will
//       appear in keysmith's certificate status list.
//   REVOKED_LICENSING: Indicates that the device was revoked. A device series
//       in this state will still allow provisioning of those devices. Licensing
//       will be prohibited just as the REVOKED state. However, the licensing
//       host can choose to override this state and allow licensing.
//       The device serial number and the REVOKED status (not REVOKED_LICENSING)
//       will appear in keysmith's certificate status list.
//
// Devices in the above states have the following behaviors in widevince
// services:
//
//             Licensing  | Certificate  | Cert   | Cert   | Test   |
// State       Prod | UAT | Provisioning | Listed | status | device | redact
// --          --     --    --             --       --       --       --
// IN_TESTING  No     Yes   Yes            Yes      VALID    true     yes
// TEST_ONLY   No     Yes   Yes            Yes      VALID    true     no
// PRE_RELEASE Yes    Yes   Yes            Yes      VALID    false    yes
// RELEASED    Yes    Yes   Yes            Yes      VALID    false    no
// REVOKED     No     No    No             Yes      REVOKED  false    no
// REVOKED_    No     No    No             Yes      REVOKED  false    no
//   LICENSING No*    No*   Yes            Yes      REVOKED  false    no
// DELETED     No     No    No             No       n/a      n/a      n/a
//
// * - REVOKED_LICENSING will not issue licenses by default but can be
//     overridden by the host.
enum DeviceState {
  DEVICE_STATE_UNKNOWN = 0;
  IN_TESTING = 1;
  RELEASED = 2;
  DELETED = 3;
  TEST_ONLY = 4;
  REVOKED = 5;
  PRE_RELEASE = 6;
  REVOKED_LICENSING = 7;
}

// Specifies the device type, or form factor of a device.
enum DeviceType {
  DEVICE_TYPE_UNSPECIFIED = 0;
  DEVICE_TYPE_PHONE = 1;
  DEVICE_TYPE_TV = 2;
  DEVICE_TYPE_TABLET = 3;
  DEVICE_TYPE_GAMING_CONSOLE = 4;
  DEVICE_TYPE_SET_TOP_BOX = 5;
  DEVICE_TYPE_VIDEO_DONGLE = 6;
  DEVICE_TYPE_PC = 7;
  DEVICE_TYPE_AUTO = 8;
  DEVICE_TYPE_WEARABLE = 9;
  DEVICE_TYPE_CONNECTED_AUDIO_DEVICE = 10;
  DEVICE_TYPE_SMART_DISPLAY = 11;
  // Legacy identifier for records that were created for SoC integration.
  DEVICE_TYPE_SOC = 12;
}

// Specifies the platform and OS of the device.
enum Platform {
  PLATFORM_UNSPECIFIED = 0;
  PLATFORM_CHROMECAST = 1;
  PLATFORM_FUCHSIA = 2;
  PLATFORM_IOS = 3;
  PLATFORM_IPAD_OS = 4;
  PLATFORM_TV_OS = 5;
  PLATFORM_ANDROID = 6;
  PLATFORM_WINDOWS = 7;
  PLATFORM_CHROME_OS = 8;
  PLATFORM_MAC_OS = 9;
  PLATFORM_LINUX = 10;
  PLATFORM_WEB_OS = 11;
  PLATFORM_TIZEN = 12;
  PLATFORM_FIRE_OS = 13;
  PLATFORM_ROKU = 14;
  PLATFORM_PLAYSTATION = 15;
  PLATFORM_XBOX = 16;
  PLATFORM_KAIOS = 17;
  PLATFORM_RDK = 18;
  PLATFORM_OTHER = 19;
}

// This is used for tri-state answers. Yes-TEE, Yes-REE, No.
// This has to be in device_common to avoid import conflicts between security
// profiles and device security profiles.
enum OsOptionalSupport {
  OS_OPTIONAL_SUPPORT_UNSPECIFIED = 0;
  YES_TEE = 1;
  YES_REE = 2;
  NO_SUPPORT = 3;
}

// Version of High-bandwidth Digital Content Protection (HDCP).
// This has to be in device_common to avoid import conflicts between security
// profiles and device security profiles.
enum HdcpVersion {
  HDCP_VERSION_UNSPECIFIED = 0;
  HDCP_V1 = 1;
  HDCP_V2 = 2;
  HDCP_V2_1 = 3;
  HDCP_V2_2 = 4;
  HDCP_V2_3 = 5;
}

// Widevine device security level.
enum DeviceSecurityLevel {
  SECURITY_LEVEL_UNSPECIFIED = 0;
  LEVEL_1 = 1;
  LEVEL_2 = 2;
  LEVEL_3 = 3;
}

// Defines the possible key types that can be issued for certificates.
// Historically, we only supported RSA with a standard Euler totient
// calculation. b/65383373 required that we distinguish between Euler and
// Carmichael totients for RSA keys. We also now support elliptic curve (EC)
// keys for certificates.
enum CertificateKeyType {
  // Code should treat UNSPECIFIED as RSA key type.
  // Code should treat UNSPECIFIED as NONE for a secondary encryption key in a
  // dual keyed cert.
  CERTIFICATE_KEY_TYPE_UNSPECIFIED = 0;
  // RSA key with the Euler OR Carmichael totient may be used.
  CERTIFICATE_KEY_TYPE_RSA = 1;
  // RSA key with ONLY Euler totient may be used.
  CERTIFICATE_KEY_TYPE_RSA_EULER = 2;
  // EC key.
  CERTIFICATE_KEY_TYPE_EC = 3;
}

// The RSAKeySize indicates the size of the device RSA key that will be used in
// a Widevine DRM device leaf certificate. This setting is only valid for
// devices that use CERTIFICATE_KEY_TYPE_RSA.
// Code should treat UNSPECIFIED as the default size of RSA_KEY_SIZE_2048.
enum RSAKeySize {
  RSA_KEY_SIZE_UNSPECIFIED = 0;
  RSA_KEY_SIZE_1024 = 1;
  RSA_KEY_SIZE_2048 = 2;
  RSA_KEY_SIZE_3072 = 3;
  RSA_KEY_SIZE_4096 = 4;
}

// Vulnerability levels as defined by NIST national vulnerability database.
// https://nvd.nist.gov/vuln-metrics/cvss
enum VulnerabilityLevel {
  VULNERABILITY_LEVEL_UNSPECIFIED = 0;
  VULNERABILITY_LEVEL_NONE = 1;
  VULNERABILITY_LEVEL_LOW = 2;
  VULNERABILITY_LEVEL_MEDIUM = 3;
  VULNERABILITY_LEVEL_HIGH = 4;
  VULNERABILITY_LEVEL_CRITICAL = 5;
}

// Device vulnerability information.
message VulnerabilityInfo {
  // Description of the vulnerability.
  string description = 1;
  // Buganizer number associated with the vulnerability.
  uint64 buganizer_number = 2;
  // Vulnerablity level of a device.
  VulnerabilityLevel vulnerability_level = 3;
}

// Only valid if the device is of provisioning type
// OTA_ANDROID_ATTESTATION_KEYBOX. In that model, the device uses Android
// attestation keybox information as part of the provisioning protocol in
// order to install widevine keybox.
message AndroidAttestationKeybox {
  // Private key for the ECDSA leaf certificate. Encrypted with wrapping key
  // from keystore.
  bytes ecdsa_private_key = 1;
  // Multiple certificates which form the certificate chain.
  // The order in the cert chain should be leaf cert, then intermediate
  // cert(s), then root cert.
  repeated bytes ecdsa_cert = 2;
  // Private key for the RSA leaf certificate(s). Encrypted with wrapping key
  // from keystore.
  bytes rsa_private_key = 3;
  // Multiple certificates which form the certificate chain.
  // The order in the cert chain should be leaf cert, then intermediate
  // cert(s), then root cert.
  repeated bytes rsa_cert = 4;
}