Update to support OEMCrypto v16 with ODK
This commit is contained in:
KongQun Yang
@@ -14,11 +14,12 @@ syntax = "proto2";
|
||||
|
||||
package widevine;
|
||||
|
||||
import "protos/public/hash_algorithm.proto";
|
||||
import "protos/public/provisioned_device_info.proto";
|
||||
|
||||
option java_outer_classname = "DeviceCertificateStatusProtos";
|
||||
option java_package = "com.google.video.widevine.protos";
|
||||
|
||||
import "protos/public/provisioned_device_info.proto";
|
||||
|
||||
// Contains DRM and OEM certificate status and device information for a
|
||||
// specific system ID.
|
||||
// TODO(user): Move this to its own file.
|
||||
@@ -35,6 +36,18 @@ message DeviceCertificateStatus {
|
||||
STATUS_REVOKED = 40; // Revoked device.
|
||||
}
|
||||
|
||||
message RevokedIdentifiers {
|
||||
// Contains a sorted list of DRM serial numbers that are revoked.
|
||||
repeated bytes revoked_certificate_serial_numbers = 1;
|
||||
// Contains a sorted list of revoked_unique_id_hashes that are revoked.
|
||||
// These identifiers are hash values of the root of trust identifier.
|
||||
// For a keybox, hash = SHA256(KeyboxUniqueID || SecretSauce) where
|
||||
// SecretSauce is a Widevine owned secret. For Provisioning 3.0, hash =
|
||||
// SHA256(X509SerialNumber|| SecretSauce) where SecretSauce is a Widevine
|
||||
// owned secret.
|
||||
repeated bytes revoked_unique_id_hashes = 2;
|
||||
}
|
||||
|
||||
// Serial number of the intermediate DrmCertificate to which this
|
||||
// message refers. Required.
|
||||
optional bytes drm_serial_number = 1;
|
||||
@@ -49,6 +62,10 @@ message DeviceCertificateStatus {
|
||||
optional bytes oem_serial_number = 5;
|
||||
// Status of the device. Optional.
|
||||
optional Status status = 6 [default = STATUS_UNKNOWN];
|
||||
|
||||
// RevokedIdentifiers collect all the serial_numbers or unique_id_hashes used
|
||||
// for individual drm certificate revocation.
|
||||
optional RevokedIdentifiers revoked_identifiers = 7;
|
||||
}
|
||||
|
||||
// List of DeviceCertificateStatus. Used to propagate certificate revocation
|
||||
@@ -58,10 +75,15 @@ message DeviceCertificateStatusList {
|
||||
optional uint32 creation_time_seconds = 1;
|
||||
// DeviceCertificateStatus for each system ID.
|
||||
repeated DeviceCertificateStatus certificate_status = 2;
|
||||
// The duration for this device certificate status list in seconds. Within
|
||||
// this grace period, content provider can set device certificate status list
|
||||
// in the SDK. The default time is 7 days.
|
||||
optional uint32 duration_time_seconds = 3;
|
||||
}
|
||||
|
||||
// List of DeviceCertificateStatus. Used to propagate certificate revocation
|
||||
// status and device information. (Used in published devices library)
|
||||
message PublishedDevicesList {
|
||||
// POSIX time, in seconds, when the list was created. Required.
|
||||
optional uint32 creation_time_seconds = 1;
|
||||
// DeviceCertificateStatus for each system ID.
|
||||
repeated DeviceCertificateStatus device_certificate_status = 2;
|
||||
}
|
||||
|
||||
// Signed CertificateStatusList
|
||||
@@ -71,43 +93,6 @@ message SignedDeviceCertificateStatusList {
|
||||
// Signature of certificate_status_list. Signed with root certificate private
|
||||
// key using RSASSA-PSS. Required.
|
||||
optional bytes signature = 2;
|
||||
}
|
||||
|
||||
// A signed request sent to Widevine Provisioning Server (keysmith) to retrieve
|
||||
// 'DeviceCertificateStatusList'.
|
||||
message SignedDeviceCertificateStatusListRequest {
|
||||
// Serialized DeviceCertificateStatusListRequest. Required.
|
||||
optional bytes device_certificate_status_list_request = 1;
|
||||
// Signature of device_certificate_status_list_request. Signed with root
|
||||
// certificate private key using RSASSA-PSS. Required.
|
||||
optional bytes signature = 2;
|
||||
}
|
||||
|
||||
// A request sent to Widevine Provisioning Server (keysmith) to retrieve
|
||||
// 'DeviceCertificateStatusList'.
|
||||
message DeviceCertificateStatusListRequest {
|
||||
// The version of sdk. Required.
|
||||
optional string sdk_version = 1;
|
||||
// POSIX time, in seconds, when this request was created. Required.
|
||||
optional uint64 sdk_time_seconds = 2;
|
||||
}
|
||||
|
||||
// Contains response from Widevine Provisioning Server with status and
|
||||
// DeviceCertificateStatusList information.
|
||||
message DeviceCertificateStatusListResponse {
|
||||
enum Status {
|
||||
UNKNOWN = 0;
|
||||
OK = 1;
|
||||
SIGNATURE_FAILED = 2;
|
||||
NOT_AUTHORIZED = 3;
|
||||
AUTHORIZATION_EXPIRED = 4;
|
||||
PROVIDER_ID_MISSING = 5;
|
||||
INTERNAL_ERROR = 6;
|
||||
}
|
||||
// Status returned by the Widevine Provisioning Server. Required.
|
||||
optional Status status = 1;
|
||||
// String message returned by the Widevine Provisioning Server.
|
||||
optional string status_message = 2;
|
||||
// Serialized SignedDeviceCertificateStatusList. Required.
|
||||
optional bytes signed_device_certificate_status_list = 3;
|
||||
// Optional field that indicates the hash algorithm used in signature scheme.
|
||||
optional HashAlgorithmProto hash_algorithm = 3;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user