132 lines
5.0 KiB
Protocol Buffer
132 lines
5.0 KiB
Protocol Buffer
////////////////////////////////////////////////////////////////////////////////
|
|
// Copyright 2016 Google LLC.
|
|
//
|
|
// This software is licensed under the terms defined in the Widevine Master
|
|
// License Agreement. For a copy of this agreement, please contact
|
|
// widevine-licensing@google.com.
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
//
|
|
// Description:
|
|
// ClientIdentification messages used by provisioning and license protocols.
|
|
|
|
syntax = "proto2";
|
|
|
|
package widevine;
|
|
|
|
option java_package = "com.google.video.widevine.protos";
|
|
option java_outer_classname = "ClientIdentificationProtos";
|
|
|
|
|
|
// ClientIdentification message used to authenticate the client device.
|
|
message ClientIdentification {
|
|
enum TokenType {
|
|
KEYBOX = 0;
|
|
DRM_DEVICE_CERTIFICATE = 1;
|
|
REMOTE_ATTESTATION_CERTIFICATE = 2;
|
|
OEM_DEVICE_CERTIFICATE = 3;
|
|
}
|
|
|
|
message NameValue {
|
|
optional string name = 1;
|
|
optional string value = 2;
|
|
}
|
|
|
|
// Capabilities which not all clients may support. Used for the license
|
|
// exchange protocol only.
|
|
message ClientCapabilities {
|
|
enum HdcpVersion {
|
|
HDCP_NONE = 0;
|
|
HDCP_V1 = 1;
|
|
HDCP_V2 = 2;
|
|
HDCP_V2_1 = 3;
|
|
HDCP_V2_2 = 4;
|
|
HDCP_V2_3 = 5;
|
|
HDCP_NO_DIGITAL_OUTPUT = 0xff;
|
|
}
|
|
|
|
enum CertificateKeyType {
|
|
RSA_2048 = 0;
|
|
RSA_3072 = 1;
|
|
ECC_SECP256R1 = 2;
|
|
ECC_SECP384R1 = 3;
|
|
ECC_SECP521R1 = 4;
|
|
}
|
|
|
|
enum AnalogOutputCapabilities {
|
|
ANALOG_OUTPUT_UNKNOWN = 0;
|
|
ANALOG_OUTPUT_NONE = 1;
|
|
ANALOG_OUTPUT_SUPPORTED = 2;
|
|
ANALOG_OUTPUT_SUPPORTS_CGMS_A = 3;
|
|
}
|
|
|
|
optional bool client_token = 1 [default = false];
|
|
optional bool session_token = 2 [default = false];
|
|
optional bool video_resolution_constraints = 3 [default = false];
|
|
optional HdcpVersion max_hdcp_version = 4 [default = HDCP_NONE];
|
|
optional uint32 oem_crypto_api_version = 5;
|
|
// Client has hardware support for protecting the usage table, such as
|
|
// storing the generation number in secure memory. For Details, see:
|
|
// https://docs.google.com/document/d/1Mm8oB51SYAgry62mEuh_2OEkabikBiS61kN7HsDnh9Y/edit#heading=h.xgjl2srtytjt
|
|
optional bool anti_rollback_usage_table = 6 [default = false];
|
|
// The client shall report |srm_version| if available.
|
|
optional uint32 srm_version = 7;
|
|
// A device may have SRM data, and report a version, but may not be capable
|
|
// of updating SRM data.
|
|
optional bool can_update_srm = 8 [default = false];
|
|
repeated CertificateKeyType supported_certificate_key_type = 9;
|
|
optional AnalogOutputCapabilities analog_output_capabilities = 10
|
|
[default = ANALOG_OUTPUT_UNKNOWN];
|
|
optional bool can_disable_analog_output = 11 [default = false];
|
|
// Clients can indicate a performance level supported by OEMCrypto.
|
|
// This will allow applications and providers to choose an appropriate
|
|
// quality of content to serve. Currently defined tiers are
|
|
// 1 (low), 2 (medium) and 3 (high). Any other value indicate that
|
|
// the resource rating is unavailable or reporting erroneous values
|
|
// for that device. For details see,
|
|
// https://docs.google.com/document/d/1wodSYK-Unj3AgTSXqujWuBCAFC00qF85G1AhfLtqdko
|
|
optional uint32 resource_rating_tier = 12 [default = 0];
|
|
}
|
|
|
|
message ClientCredentials {
|
|
optional TokenType type = 1 [default = KEYBOX];
|
|
optional bytes token = 2;
|
|
}
|
|
|
|
// Type of factory-provisioned device root of trust. Optional.
|
|
optional TokenType type = 1 [default = KEYBOX];
|
|
// Factory-provisioned device root of trust. Required.
|
|
optional bytes token = 2;
|
|
// Optional client information name/value pairs.
|
|
repeated NameValue client_info = 3;
|
|
// Client token generated by the content provider. Optional.
|
|
optional bytes provider_client_token = 4;
|
|
// Number of licenses received by the client to which the token above belongs.
|
|
// Only present if client_token is specified.
|
|
optional uint32 license_counter = 5;
|
|
// List of non-baseline client capabilities.
|
|
optional ClientCapabilities client_capabilities = 6;
|
|
// Serialized VmpData message. Optional.
|
|
optional bytes vmp_data = 7;
|
|
// Optional field that may contain additional provisioning credentials.
|
|
optional ClientCredentials device_credentials = 8;
|
|
}
|
|
|
|
// EncryptedClientIdentification message used to hold ClientIdentification
|
|
// messages encrypted for privacy purposes.
|
|
message EncryptedClientIdentification {
|
|
// Provider ID for which the ClientIdentifcation is encrypted (owner of
|
|
// service certificate).
|
|
optional string provider_id = 1;
|
|
// Serial number for the service certificate for which ClientIdentification is
|
|
// encrypted.
|
|
optional bytes service_certificate_serial_number = 2;
|
|
// Serialized ClientIdentification message, encrypted with the privacy key
|
|
// using AES-128-CBC with PKCS#5 padding.
|
|
optional bytes encrypted_client_id = 3;
|
|
// Initialization vector needed to decrypt encrypted_client_id.
|
|
optional bytes encrypted_client_id_iv = 4;
|
|
// AES-128 privacy key, encrypted with the service public key using RSA-OAEP.
|
|
optional bytes encrypted_privacy_key = 5;
|
|
}
|