151 lines
6.3 KiB
Protocol Buffer
151 lines
6.3 KiB
Protocol Buffer
// Copyright 2018 Google LLC. All rights reserved.
|
|
//
|
|
// Description:
|
|
// Definitions of the protocol buffer messages used in the Widevine license
|
|
// exchange protocol for Media CAS.
|
|
|
|
syntax = "proto2";
|
|
|
|
option java_package = "com.google.video.widevine.mediacaslicense";
|
|
|
|
import "protos/public/hash_algorithm.proto";
|
|
import "protos/public/license_protocol.proto";
|
|
import "protos/public/license_server_sdk.proto";
|
|
import "protos/public/media_cas_encryption.proto";
|
|
|
|
package video_widevine;
|
|
// TODO(b/169278959): move ProxyInfo into media_drm_license.proto.
|
|
message CasDrmLicenseRequest {
|
|
// The request payload. This is usually the HTTP Post body of a request.
|
|
// Required.
|
|
optional bytes payload = 1;
|
|
// The content provider whose proxy is sending this license request onto the
|
|
// Widevine license service. Required.
|
|
optional string provider_id = 2;
|
|
// An identifier supplied by a content provider, used to identify a piece of
|
|
// content and derive key IDs and content keys.
|
|
optional bytes content_id = 3;
|
|
// A ContentKeySpec identifies a content key by track type name. It also
|
|
// specifies the policy that should be used for this key.
|
|
// TODO(hali): Consolidate this ContentKeySpec with
|
|
// ModularDrmLicenseRequest_ContentKeySpec. Both should include a common
|
|
// ContentKeySpec.
|
|
message ContentKeySpec {
|
|
optional License.KeyContainer.SecurityLevel security_level = 1;
|
|
optional License.KeyContainer.OutputProtection required_output_protection =
|
|
2;
|
|
optional License.KeyContainer.OutputProtection requested_output_protection =
|
|
3;
|
|
// Optionally specify even, odd or single slot for key rotation.
|
|
repeated CasEncryptionResponse.KeyInfo entitlement_keys = 4;
|
|
optional License.KeyContainer.KeyType key_type = 5;
|
|
// A track type is used to represent a set of tracks that share the same
|
|
// content key and security level. Common values are SD, HD, UHD1, UHD2
|
|
// and AUDIO. Content providers may use arbitrary strings for track type
|
|
// as long as they are consistent with the track types used at packaging
|
|
// time.
|
|
optional string track_type = 6;
|
|
// A Key Category Spec is used to identify if current key is generated for a
|
|
// single content or a group of contents.
|
|
optional License.KeyContainer.KeyCategorySpec key_category_spec = 7;
|
|
}
|
|
repeated ContentKeySpec content_key_specs = 4;
|
|
// Policy for the entire license such as playback duration.
|
|
optional License.Policy policy = 5;
|
|
// Pass optional data to initial license.
|
|
optional SessionInit session_init = 6;
|
|
// This field is used when proxy sdk generates CasDrmLicenseRequest.It
|
|
// combines the DrmCertificate::ServiceType and SDK version.
|
|
optional ProxyInfo proxy_info = 7;
|
|
// Indicates all key values in ContentKeySpec are encrypted with this
|
|
// sesion key. This session key is encrypted with the providers AES key. If
|
|
// session_key is used, session_iv must also be specified.
|
|
optional bytes session_key = 8;
|
|
// Indicates all key values in ContentKeySpec are encrypted with this
|
|
// session IV. This session IV is encrypted with the provider's AES key.
|
|
optional bytes session_iv = 9;
|
|
// Public signing key provided by content providers, used to verify the
|
|
// received ECM/EMM signature. The key must be an elliptic-curve key.
|
|
optional bytes provider_ecm_verifier_public_key = 10;
|
|
}
|
|
|
|
message CasDrmLicenseResponse {
|
|
enum Status {
|
|
UNKNOWN = 0;
|
|
OK = 1;
|
|
SIGNATURE_FAILED = 2;
|
|
INVALID_LICENSE_CHALLENGE = 3;
|
|
PROVIDER_ID_MISSING = 4;
|
|
INVALID_CONTENT_INFO = 5;
|
|
EMPTY_CONTENT_INFO = 6;
|
|
CONTENT_ID_MISMATCH = 7;
|
|
DEPRECATED_MISSING_CONTENT_ID = 8;
|
|
MALFORMED_REQUEST = 9;
|
|
INTERNAL_ERROR = 10;
|
|
SIGNING_KEY_EXPIRED = 11;
|
|
}
|
|
optional Status status = 1;
|
|
optional string status_message = 2;
|
|
// Serialzed bytes for a CAS license.
|
|
// TODO(hali): Until a CAS license protocol is defined, this field is a
|
|
// serialized License message defined in license_protocol.proto.
|
|
optional bytes license = 3;
|
|
// Actual SDK license status as defined in widevine/protos/public/errors.proto
|
|
optional uint32 internal_status = 4;
|
|
// Indicates the type of message in the license response.
|
|
optional SignedMessage.MessageType message_type = 5;
|
|
// A subset of data from the Widevine PSSH.
|
|
message PsshData {
|
|
repeated bytes key_id = 1;
|
|
optional bytes content_id = 2;
|
|
// If this is a group key license, this is the group identifier.
|
|
optional bytes group_id = 3;
|
|
}
|
|
message LicenseMetadata {
|
|
optional bytes content_id = 1;
|
|
repeated bytes key_id = 2;
|
|
}
|
|
optional PsshData pssh_data = 6;
|
|
optional SessionState session_state = 7;
|
|
optional string content_owner = 8;
|
|
optional string content_provider = 9;
|
|
optional LicenseMetadata license_metadata = 10;
|
|
message DeviceInfo {
|
|
// Make as identified from the provisioned device info. If that is not
|
|
// available, the device make will be retrieved from the license request.
|
|
optional string make = 1;
|
|
// Model as identified from the provisioned device info. If that is not
|
|
// available, the device model will be retrieved from the license request.
|
|
optional string model = 2;
|
|
// Widevine-defined device security level.
|
|
optional uint32 security_level = 3;
|
|
// Globally unique serial number of certificate associated with this
|
|
// device.
|
|
optional bytes drm_cert_serial_number = 4;
|
|
// Platform specifies the OS or device type and perhaps other software
|
|
// information for the device receving this license response.
|
|
// Example: Android, iOS, Chrome, PC.
|
|
optional string platform = 5;
|
|
// SystemID of the requesting device.
|
|
optional uint32 system_id = 6;
|
|
}
|
|
// Device information for the device making the CAS license request.
|
|
optional DeviceInfo device_info = 11;
|
|
}
|
|
|
|
message SignedCasDrmRequest {
|
|
optional bytes request = 1;
|
|
optional bytes signature = 2;
|
|
// Identifies the entity sending / signing the request. Required if signature
|
|
// is present.
|
|
optional string signer = 3;
|
|
// The IP Address of the portal that is forwarding the request from the
|
|
// original sender.
|
|
optional string client_ip_address = 4;
|
|
// The client software identifier, as used by HTTP.
|
|
optional string user_agent = 5;
|
|
optional string provider = 6;
|
|
// Optional field that indicates the hash algorithm used in signature scheme.
|
|
optional HashAlgorithmProto hash_algorithm = 7;
|
|
}
|