Refactor and cleanup codes. No functional changes.

protos/public/BUILD

@@ -1,5 +1,5 @@
 ################################################################################
-# Copyright 2016 Google Inc.
+# Copyright 2016 Google LLC.
 #
 # This software is licensed under the terms defined in the Widevine Master
 # License Agreement. For a copy of this agreement, please contact
@@ -19,7 +19,8 @@ filegroup(
         "certificate_provisioning.proto",
         "client_identification.proto",
         "provisioned_device_info.proto",
-        "signed_device_certificate.proto",
+        "remote_attestation.proto",
+        "signed_drm_certificate.proto",
     ]
 )
 
@@ -28,7 +29,10 @@ cc_proto_library(
     srcs = ["certificate_provisioning.proto"],
     default_runtime = "@protobuf_repo//:protobuf",
     protoc = "@protobuf_repo//:protoc",
-    deps = [":client_identification_proto"],
+    deps = [
+        ":client_identification_proto",
+        ":remote_attestation_proto",
+    ],
 )
 
 py_proto_library(
@@ -36,7 +40,10 @@ py_proto_library(
     srcs = ["certificate_provisioning.proto"],
     default_runtime = "@protobuf_repo//:protobuf_python",
     protoc = "@protobuf_repo//:protoc",
-    deps = [":client_identification_py_pb2"],
+    deps = [
+        ":client_identification_py_pb2",
+        ":remote_attestation_py_pb2",
+    ],
 )
 
 cc_proto_library(
@@ -54,31 +61,70 @@ py_proto_library(
 )
 
 cc_proto_library(
-    name = "device_certificate_proto",
-    srcs = ["device_certificate.proto"],
+    name = "device_certificate_status_proto",
+    srcs = ["device_certificate_status.proto"],
     default_runtime = "@protobuf_repo//:protobuf",
     protoc = "@protobuf_repo//:protoc",
     deps = [":provisioned_device_info_proto"],
 )
 
 py_proto_library(
-    name = "device_certificate_py_pb2",
-    srcs = ["device_certificate.proto"],
+    name = "device_certificate_status_py_pb2",
+    srcs = ["device_certificate_status.proto"],
     default_runtime = "@protobuf_repo//:protobuf_python",
     protoc = "@protobuf_repo//:protoc",
     deps = [":provisioned_device_info_py_pb2"],
 )
 
 cc_proto_library(
-    name = "signed_device_certificate_proto",
-    srcs = ["signed_device_certificate.proto"],
+    name = "drm_certificate_proto",
+    srcs = ["drm_certificate.proto"],
+    default_runtime = "@protobuf_repo//:protobuf",
+    protoc = "@protobuf_repo//:protoc",
+    deps = [":provisioned_device_info_proto"],
+)
+
+py_proto_library(
+    name = "drm_certificate_py_pb2",
+    srcs = ["drm_certificate.proto"],
+    default_runtime = "@protobuf_repo//:protobuf_python",
+    protoc = "@protobuf_repo//:protoc",
+    deps = [":provisioned_device_info_py_pb2"],
+)
+
+cc_proto_library(
+    name = "errors_proto",
+    srcs = ["errors.proto"],
+    default_runtime = "@protobuf_repo//:protobuf",
+    protoc = "@protobuf_repo//:protoc",
+)
+
+cc_proto_library(
+    name = "remote_attestation_proto",
+    srcs = ["remote_attestation.proto"],
+    default_runtime = "@protobuf_repo//:protobuf",
+    protoc = "@protobuf_repo//:protoc",
+    deps = [":client_identification_proto"],
+)
+
+py_proto_library(
+    name = "remote_attestation_py_pb2",
+    srcs = ["remote_attestation.proto"],
+    default_runtime = "@protobuf_repo//:protobuf_python",
+    protoc = "@protobuf_repo//:protoc",
+    deps = [":client_identification_py_pb2"],
+)
+
+cc_proto_library(
+    name = "signed_drm_certificate_proto",
+    srcs = ["signed_drm_certificate.proto"],
     default_runtime = "@protobuf_repo//:protobuf",
     protoc = "@protobuf_repo//:protoc",
 )
 
 py_proto_library(
-    name = "signed_device_certificate_py_pb2",
-    srcs = ["signed_device_certificate.proto"],
+    name = "signed_drm_certificate_py_pb2",
+    srcs = ["signed_drm_certificate.proto"],
     default_runtime = "@protobuf_repo//:protobuf_python",
     protoc = "@protobuf_repo//:protoc",
 )

protos/public/certificate_provisioning.proto

@@ -1,5 +1,5 @@
 ////////////////////////////////////////////////////////////////////////////////
-// Copyright 2016 Google Inc.
+// Copyright 2016 Google LLC.
 //
 // This software is licensed under the terms defined in the Widevine Master
 // License Agreement. For a copy of this agreement, please contact
@@ -17,13 +17,15 @@ package widevine;
 option java_package = "com.google.video.widevine.protos";
 
 import "protos/public/client_identification.proto";
+import "protos/public/remote_attestation.proto";
 
 // ProvisioningOptions specifies the type of certificate to specify and
 // in the case of X509 certificates, the certificate authority to use.
 message ProvisioningOptions {
   enum CertificateType {
-    WIDEVINE_DRM = 0; // Default.  The original certificate type.
-    X509 = 1; // X.509 certificate.
+    WIDEVINE_DRM = 0;  // Default.  The original certificate type.
+    X509 = 1;          // X.509 certificate.
+    WIDEVINE_KEYBOX = 2;
   }
 
   optional CertificateType certificate_type = 1 [default = WIDEVINE_DRM];
@@ -32,10 +34,30 @@ message ProvisioningOptions {
   // authority for signing the generated certificate. This is required iff the
   // certificate type is X509.
   optional string certificate_authority = 2;
+  // System ID for OTA keybox provisioning. Requires device secure boot.
+  optional uint32 system_id = 3;
 }
 
 // Provisioning request sent by client devices to provisioning service.
 message ProvisioningRequest {
+  message EncryptedSessionKeys {
+    message SessionKeys {
+      // 16 bytes encryption key generated by client, used by the server to:
+      // (1) AES-128-CBC decrypt encrypted_client_id in
+      //     EncryptedClientIdentification which is in RemoteAttestation
+      // (2) AES-128-CBC encrypt device_key to be returned in
+      //     ProvisioningResponse.
+      optional bytes encryption_key = 1;
+      // 32 bytes mac key generated by client, used by server to sign
+      // the ProvisioningResponse.
+      optional bytes mac_key = 2;
+    }
+    // Serial number of certificate which was used to encrypt the session keys.
+    // Required.
+    optional bytes certificate_serial_number = 1;
+    // Serialized, encrypted session keys.  Required.
+    optional bytes encrypted_session_keys = 2;
+  }
   oneof clear_or_encrypted_client_id {
     // Device root of trust and other client identification. Required.
     ClientIdentification client_id = 1;
@@ -56,12 +78,25 @@ message ProvisioningRequest {
     // to the client certificate serial number.
     bytes spoid = 7;
   }
+  // SessionKeys encrypted using a service cert public key.
+  // Required for keybox provisioning.
+  optional EncryptedSessionKeys encrypted_session_keys = 8;
 }
 
 // Provisioning response sent by the provisioning server to client devices.
 // This message is used for both regular Widevine DRM certificates and for
 // application-specific X.509 certificates.
 message ProvisioningResponse {
+  message OtaKeybox {
+    // Iv used along with SessionKeys.encryption_key for encrypting device key.
+    optional bytes device_key_encryption_iv = 1;
+    // Device key component of the keybox, encrypted using the
+    // SessionKeys.encryption_key in the request and |device_key_encryption_iv|
+    // above.
+    optional bytes encrypted_device_key = 2;
+    // Device CA token component of the keybox.
+    optional bytes device_ca_token = 3;
+  }
   // AES-128 encrypted device private RSA key. PKCS#1 ASN.1 DER-encoded.
   // Required. For X.509 certificates, the private RSA key may also include
   // a prefix as specified by private_key_prefix in the X509CertificateMetadata
@@ -70,7 +105,7 @@ message ProvisioningResponse {
   // Initialization vector used to encrypt device_rsa_key. Required.
   optional bytes device_rsa_key_iv = 2;
   // For Widevine DRM certificates, this contains the serialized
-  // SignedDrmDeviceCertificate. For X.509 certificates, this contains the PEM
+  // SignedDrmCertificate. For X.509 certificates, this contains the PEM
   // encoded X.509 certificate. Required.
   optional bytes device_certificate = 3;
   // Nonce value matching nonce in ProvisioningRequest. Required.
@@ -79,21 +114,60 @@ message ProvisioningResponse {
   // provisioned device. Encrypted with the device OEM public key using
   // RSA-OAEP.
   optional bytes wrapping_key = 5;
+  // Only populated in OTA keybox provisioning response.
+  optional OtaKeybox ota_keybox = 6;
+}
+
+// Protocol-specific context data used to hold the state of the server in
+// stateful provisioning protocols. For more information, please refer to
+// mE_ZP4WmSX-JNldg
+message ProvisioningContext {
+  // Serialized ProvisioningContextKeyData. Required.
+  optional bytes key_data = 1;
+  // Protocol-dependent context data, encrypted with key and IV in key_data.
+  // Required.
+  optional bytes context_data = 2;
+  // HMAC-SHA256 MAC of |context_data|, generated using MAC key in key_data.
+  optional bytes mac = 3;
+}
+
+// Cryptographic tokens to be used for ProvisioningContext.
+message ProvisioningContextKeyData {
+  // Encryption key, usually 32 bytes used for AES-256-CBC. Required.
+  optional bytes encryption_key = 1;
+  // Encryption IV, 16 bytes. Required.
+  optional bytes encryption_iv = 2;
+  // MAC key, usually 32 bytes used with HMAC-SHA256. Required.
+  optional bytes mac_key = 3;
 }
 
 // Serialized ProvisioningRequest or ProvisioningResponse signed with
 // The message authentication key.
 message SignedProvisioningMessage {
   enum ProtocolVersion {
-    PROVISIONING_20 = 2;  // Keybox factory-provisioned devices.
-    PROVISIONING_30 = 3;  // OEM certificate factory-provisioned devices.
-    INTEL_SIGMA_101 = 101;  // Intel Sigma 1.0.1 protocol.
+    SERVICE_CERTIFICATE_REQUEST = 1;  // Service certificate request.
+    PROVISIONING_20 = 2;              // Keybox factory-provisioned devices.
+    PROVISIONING_30 = 3;     // OEM certificate factory-provisioned devices.
+    ARCPP_PROVISIONING = 4;  // ChromeOS/Arc++ devices.
+    INTEL_SIGMA_101 = 101;   // Intel Sigma 1.0.1 protocol.
   }
 
-  // Serialized ProvisioningRequest or ProvisioningResponse. Required.
+  // Serialized protobuf message for the corresponding protocol and stage of
+  // the provisioning exchange. ProvisioningRequest or ProvisioningResponse
+  // in the case of Provisioning 2.0, 3.0 and ARCPP_PROVISIONING. Required.
   optional bytes message = 1;
-  // HMAC-SHA256 (Keybox) or RSASSA-PSS (OEM) signature of message. Required.
+  // HMAC-SHA256 (Keybox) or RSASSA-PSS (OEM) signature of message. Required
+  // for provisioning 2.0 and 3.0. For ARCPP_PROVISIONING, only used in
+  // response.
   optional bytes signature = 2;
   // Version number of provisioning protocol.
   optional ProtocolVersion protocol_version = 3 [default = PROVISIONING_20];
+  // Protocol-specific context / state information for multiple-exchange,
+  // stateful provisioing protocols.  Optional.
+  optional ProvisioningContext provisioning_context = 4;
+  // Remote attestation data to authenticate that the ChromeOS client device
+  // is operating in verified mode. Remote attestation challenge data is
+  // |message| field above. Required for ARCPP_PROVISIONING request.
+  // It contains signature of |message|.
+  optional RemoteAttestation remote_attestation = 5;
 }

protos/public/client_identification.proto

@@ -1,5 +1,5 @@
 ////////////////////////////////////////////////////////////////////////////////
-// Copyright 2016 Google Inc.
+// Copyright 2016 Google LLC.
 //
 // This software is licensed under the terms defined in the Widevine Master
 // License Agreement. For a copy of this agreement, please contact
@@ -40,6 +40,7 @@ message ClientIdentification {
       HDCP_V2 = 2;
       HDCP_V2_1 = 3;
       HDCP_V2_2 = 4;
+      HDCP_V2_3 = 5;
       HDCP_NO_DIGITAL_OUTPUT = 0xff;
     }
 
@@ -48,6 +49,13 @@ message ClientIdentification {
       RSA_3072 = 1;
     }
 
+    enum AnalogOutputCapabilities {
+      ANALOG_OUTPUT_UNKNOWN = 0;
+      ANALOG_OUTPUT_NONE = 1;
+      ANALOG_OUTPUT_SUPPORTED = 2;
+      ANALOG_OUTPUT_SUPPORTS_CGMS_A = 3;
+    }
+
     optional bool client_token = 1 [default = false];
     optional bool session_token = 2 [default = false];
     optional bool video_resolution_constraints = 3 [default = false];
@@ -63,6 +71,17 @@ message ClientIdentification {
     // of updating SRM data.
     optional bool can_update_srm = 8 [default = false];
     repeated CertificateKeyType supported_certificate_key_type = 9;
+    optional AnalogOutputCapabilities analog_output_capabilities = 10
+        [default = ANALOG_OUTPUT_UNKNOWN];
+    optional bool can_disable_analog_output = 11 [default = false];
+    // Clients can indicate a performance level supported by OEMCrypto.
+    // This will allow applications and providers to choose an appropriate
+    // quality of content to serve. Currently defined tiers are
+    // 1 (low), 2 (medium) and 3 (high). Any other value indicate that
+    // the resource rating is unavailable or reporting erroneous values
+    // for that device. For details see,
+    // https://docs.google.com/document/d/1wodSYK-Unj3AgTSXqujWuBCAFC00qF85G1AhfLtqdko
+    optional uint32 resource_rating_tier = 12 [default = 0];
   }
 
   // Type of factory-provisioned device root of trust. Optional.

protos/public/device_certificate.proto

@@ -1,91 +0,0 @@
-////////////////////////////////////////////////////////////////////////////////
-// Copyright 2016 Google Inc.
-//
-// This software is licensed under the terms defined in the Widevine Master
-// License Agreement. For a copy of this agreement, please contact
-// widevine-licensing@google.com.
-////////////////////////////////////////////////////////////////////////////////
-
-//
-// Description:
-//   Device certificate and certificate status list format definitions.
-
-syntax = "proto2";
-
-package widevine;
-
-option java_outer_classname = "DeviceCertificateProtos";
-option java_package = "com.google.video.widevine.protos";
-
-import "protos/public/provisioned_device_info.proto";
-
-// DRM certificate definition for user devices, intermediate, service, and root
-// certificates.
-message DrmDeviceCertificate {
-  enum CertificateType {
-    ROOT = 0;
-    DRM_INTERMEDIATE = 1;
-    DRM_USER_DEVICE = 2;
-    SERVICE = 3;
-    PROVISIONER = 4;
-  }
-
-  // Type of certificate. Required.
-  optional CertificateType type = 1;
-  // 128-bit globally unique serial number of certificate.
-  // Value is 0 for root certificate. Required.
-  optional bytes serial_number = 2;
-  // POSIX time, in seconds, when the certificate was created. Required.
-  optional uint32 creation_time_seconds = 3;
-  // Device public key. PKCS#1 ASN.1 DER-encoded. Required.
-  optional bytes public_key = 4;
-  // Widevine system ID for the device. Required for intermediate and
-  // user device certificates.
-  optional uint32 system_id = 5;
-  // Deprecated field, which used to indicate whether the device was a test
-  // (non-production) device. The test_device field in ProvisionedDeviceInfo
-  // below should be observed instead.
-  optional bool test_device_deprecated = 6 [deprecated = true];
-  // Service identifier (web origin) for the provider which owns the
-  // certificate. Required for service and provisioner certificates.
-  optional string provider_id = 7;
-}
-
-// Contains DRM and OEM certificate status and device information for a
-// specific system ID.
-message DeviceCertificateStatus {
-  enum Status {
-    VALID = 0;
-    REVOKED = 1;
-  };
-
-  // Serial number of the intermediate DrmDeviceCertificate to which this
-  // message refers. Required.
-  optional bytes drm_serial_number = 1;
-  // Status of the certificate. Optional.
-  optional Status status = 2 [default = VALID];
-  // Device model information about the device to which the intermediate
-  // certificate(s) correspond.
-  optional ProvisionedDeviceInfo device_info = 4;
-  // Serial number of the OEM X.509 intermediate certificate for this type
-  // of device. Present only if the device is OEM-provisioned.
-  optional bytes oem_serial_number = 5;
-}
-
-// List of DeviceCertificateStatus. Used to propagate certificate revocation
-// status and device information.
-message DeviceCertificateStatusList {
-  // POSIX time, in seconds, when the list was created. Required.
-  optional uint32 creation_time_seconds = 1;
-  // DeviceCertificateStatus for each system ID.
-  repeated DeviceCertificateStatus certificate_status = 2;
-}
-
-// Signed CertificateStatusList
-message SignedCertificateStatusList {
-  // Serialized DeviceCertificateStatusList. Required.
-  optional bytes certificate_status_list = 1;
-  // Signature of certificate_status_list. Signed with root certificate private
-  // key using RSASSA-PSS. Required.
-  optional bytes signature = 2;
-}

protos/public/device_certificate_status.proto

@@ -0,0 +1,113 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2017 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+//
+//
+// Description:
+//   Device certificate status list object definitions.
+
+syntax = "proto2";
+
+package widevine;
+
+option java_outer_classname = "DeviceCertificateStatusProtos";
+option java_package = "com.google.video.widevine.protos";
+
+import "protos/public/provisioned_device_info.proto";
+
+// Contains DRM and OEM certificate status and device information for a
+// specific system ID.
+// TODO(user): Move this to its own file.
+message DeviceCertificateStatus {
+  enum DeprecatedStatus {
+    DEPRECATED_VALID = 0;
+    DEPRECATED_REVOKED = 1;
+  }
+  enum Status {
+    STATUS_UNKNOWN = 0;
+    STATUS_IN_TESTING = 10;  // Pre-release, active device.
+    STATUS_RELEASED = 20;    // Released, active device.
+    STATUS_TEST_ONLY = 30;   // Development-only device.
+    STATUS_REVOKED = 40;     // Revoked device.
+  }
+
+  // Serial number of the intermediate DrmCertificate to which this
+  // message refers. Required.
+  optional bytes drm_serial_number = 1;
+  // Status of the certificate. Optional & deprecated in favor of |status|
+  // below.
+  optional DeprecatedStatus deprecated_status = 2 [default = DEPRECATED_VALID];
+  // Device model information about the device to which the intermediate
+  // certificate(s) correspond.
+  optional ProvisionedDeviceInfo device_info = 4;
+  // Serial number of the OEM X.509 intermediate certificate for this type
+  // of device. Present only if the device is OEM-provisioned.
+  optional bytes oem_serial_number = 5;
+  // Status of the device. Optional.
+  optional Status status = 6 [default = STATUS_UNKNOWN];
+}
+
+// List of DeviceCertificateStatus. Used to propagate certificate revocation
+// status and device information.
+message DeviceCertificateStatusList {
+  // POSIX time, in seconds, when the list was created. Required.
+  optional uint32 creation_time_seconds = 1;
+  // DeviceCertificateStatus for each system ID.
+  repeated DeviceCertificateStatus certificate_status = 2;
+  // The duration for this device certificate status list in seconds. Within
+  // this grace period, content provider can set device certificate status list
+  // in the SDK. The default time is 7 days.
+  optional uint32 duration_time_seconds = 3;
+}
+
+// Signed CertificateStatusList
+message SignedDeviceCertificateStatusList {
+  // Serialized DeviceCertificateStatusList. Required.
+  optional bytes certificate_status_list = 1;
+  // Signature of certificate_status_list. Signed with root certificate private
+  // key using RSASSA-PSS. Required.
+  optional bytes signature = 2;
+}
+
+// A signed request sent to Widevine Provisioning Server (keysmith) to retrieve
+// 'DeviceCertificateStatusList'.
+message SignedDeviceCertificateStatusListRequest {
+  // Serialized DeviceCertificateStatusListRequest. Required.
+  optional bytes device_certificate_status_list_request = 1;
+  // Signature of device_certificate_status_list_request. Signed with root
+  // certificate private key using RSASSA-PSS. Required.
+  optional bytes signature = 2;
+}
+
+// A request sent to Widevine Provisioning Server (keysmith) to retrieve
+// 'DeviceCertificateStatusList'.
+message DeviceCertificateStatusListRequest {
+  // The version of sdk. Required.
+  optional string sdk_version = 1;
+  // POSIX time, in seconds, when this request was created. Required.
+  optional uint64 sdk_time_seconds = 2;
+}
+
+// Contains response from Widevine Provisioning Server with status and
+// DeviceCertificateStatusList information.
+message DeviceCertificateStatusListResponse {
+  enum Status {
+    UNKNOWN = 0;
+    OK = 1;
+    SIGNATURE_FAILED = 2;
+    NOT_AUTHORIZED = 3;
+    AUTHORIZATION_EXPIRED = 4;
+    PROVIDER_ID_MISSING = 5;
+    INTERNAL_ERROR = 6;
+  }
+  // Status returned by the Widevine Provisioning Server. Required.
+  optional Status status = 1;
+  // String message returned by the Widevine Provisioning Server.
+  optional string status_message = 2;
+  // Serialized SignedDeviceCertificateStatusList. Required.
+  optional bytes signed_device_certificate_status_list = 3;
+}

protos/public/drm_certificate.proto

@@ -0,0 +1,55 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2017 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+
+//
+// Description:
+//   DRM certificate object definition.
+
+syntax = "proto2";
+
+package widevine;
+
+option java_outer_classname = "DrmCertificateProtos";
+option java_package = "com.google.video.widevine.protos";
+
+// DRM certificate definition for user devices, intermediate, service, and root
+// certificates.
+message DrmCertificate {
+  enum Type {
+    ROOT = 0;  // ProtoBestPractices: ignore.
+    DEVICE_MODEL = 1;
+    DEVICE = 2;
+    SERVICE = 3;
+    PROVISIONER = 4;
+  }
+  enum ServiceType {
+    UNKNOWN = 0; LICENSE_SERVER_SDK = 1; LICENSE_SERVER_PROXY_SDK = 2;
+  }
+  // Type of certificate. Required.
+  optional Type type = 1;
+  // 128-bit globally unique serial number of certificate.
+  // Value is 0 for root certificate. Required.
+  optional bytes serial_number = 2;
+  // POSIX time, in seconds, when the certificate was created. Required.
+  optional uint32 creation_time_seconds = 3;
+  // Device public key. PKCS#1 ASN.1 DER-encoded. Required.
+  optional bytes public_key = 4;
+  // Widevine system ID for the device. Required for intermediate and
+  // user device certificates.
+  optional uint32 system_id = 5;
+  // Deprecated field, which used to indicate whether the device was a test
+  // (non-production) device. The test_device field in ProvisionedDeviceInfo
+  // below should be observed instead.
+  optional bool test_device_deprecated = 6 [deprecated = true];
+  // Service identifier (web origin) for the provider which owns the
+  // certificate. Required for service and provisioner certificates.
+  optional string provider_id = 7;
+  // This field is used only when type = SERVICE to specify which SDK uses
+  // service certificate.
+  optional ServiceType service_type = 8 [default = UNKNOWN];
+}

protos/public/errors.proto

@@ -0,0 +1,242 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2017 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+//
+// Description:
+//   Definitions of the common Widevine protocol errors.
+
+syntax = "proto2";
+
+package widevine;
+option java_package = "com.google.video.widevine.protos";
+
+
+enum Errors {
+  // Attempt to parse the signed message failed.
+  SIGNED_MESSAGE_PARSE_ERROR = 100;
+
+  // Attempt to parse the license request message failed.
+  LICENSE_REQUEST_PARSE_ERROR = 101;
+
+  // Attempt to parse the session state message failed.
+  SESSION_STATE_PARSE_ERROR = 102;
+
+  // The license request does not contain content_id. Since client_id was
+  // not present, content_id was expected.
+  MISSING_CONTENT_ID = 103;
+
+  // The license request does not contain license_id. Since client_id was
+  // not present, license_id was expected.
+  MISSING_LICENSE_ID = 104;
+
+  // The license request does not contain client_id. Since this is not a
+  // renewal, client_id was expected.
+  MISSING_CLIENT_ID = 105;
+
+  // ClientCert construction failed.
+  INVALID_SIGNATURE = 106;
+
+  // Session Id from the session state does not match session Id specified.
+  SESSION_ID_MISMATCH = 107;
+
+  // License Id from session state does not match license Id in the renewal
+  // license request.
+  RENEWAL_LICENSE_ID_MISMATCH = 108;
+
+  // Signing key is missing from the session state.
+  MISSING_RENEWAL_SIGNING_KEY = 109;
+
+  // Signature verification failed when using the session's state signing key.
+  INVALID_RENEWAL_SIGNATURE = 110;
+
+  // System Id from the keybox is not supported.
+  UNSUPPORTED_SYSTEM_ID = 111;
+
+  // Error trying to encrypt.
+  ENCRYPT_ERROR = 112;
+
+  // Error trying to decrypt the keybox.
+  KEYBOX_DECRYPT_ERROR = 113;
+
+  // Client Id type is not expected.
+  INVALID_CLIENT_CERT_TYPE = 114;
+
+  // Error usung the keybox token.  Perhaps the size is less than 72 bytes.
+  INVALID_KEYBOX_TOKEN = 115;
+
+  // Unable to find a preprovisionnig key based on the system Id. Perhaps the
+  // device was revoked.
+  MISSING_PRE_PROV_KEY = 116;
+
+  // Unable to verify the token hash.
+  TOKEN_HASH_MISMATCH = 117;
+
+  // Unable to create the encryption key for the initial license.
+  MISSING_ENCRYPTION_KEY = 118;
+
+  // Signing key is missing from the session state.
+  MISSING_SIGNING_KEY = 119;
+
+  // Serialization failed.
+  UNABLE_TO_SERIALIZE_SIGNED_MESSAGE = 120;
+
+  // Serialization failed.
+  UNABLE_TO_SERIALIZE_SESSION_STATE = 121;
+
+  // Client cert is missing. Perhaps an attempt to renew with content keys.
+  MISSING_CLIENT_CERT = 122;
+
+  // Attempt to use GenerateSignedLicense() for license renewal containing
+  // content keys.
+  RENEWAL_WITH_CONTENT_KEYS_NOT_ALLOWED = 123;
+
+  // Invalid Nonce, expected as a 32 bit unsigned int.
+  INVALID_KEY_CONTROL_NONCE = 124;
+
+  // Invalid renewal signing key size. For protocol version 2_0, size must be 32
+  // bytes.  For protocol version 2_1, size must be 64 bytes.
+  INVALID_RENEWAL_SIGNING_KEY_SIZE = 125;
+
+  // Invalid Device Certificate token. Perhaps the intermediate cert was
+  // replaced or the device cert is corrupt. Will result in re-provisioning.
+  INVALID_DRM_CERTIFICATE = 126;
+
+  // Device Certificate was revoked.
+  DRM_DEVICE_CERTIFICATE_REVOKED = 127;
+
+  // Device Certificate not in the certificate status list, and unknown
+  // devices are not allowed.
+  DRM_DEVICE_CERTIFICATE_UNKNOWN = 128;
+
+  // Invalid Certificate status list.
+  INVALID_CERTIFICATE_STATUS_LIST = 129;
+
+  // Expired Certificate status list.
+  EXPIRED_CERTIFICATE_STATUS_LIST = 130;
+
+  // KeyControl block generation failed.
+  KEYCONTROL_GENERATION_ERROR = 131;
+
+  // The device root certificate was not set.
+  ROOT_CERTIFICATE_NOT_SET = 132;
+
+  // The service certificate is invalid.
+  INVALID_SERVICE_CERTIFICATE = 133;
+
+  // Service certificate not found.
+  SERVICE_CERTIFICATE_NOT_FOUND = 134;
+
+  // Invalid EncryptedClientIdentification message.
+  INVALID_ENCRYPTED_CLIENT_IDENTIFICATION = 135;
+
+  // No service certificates have been added.
+  SERVICE_CERTIFICATE_NOT_SET = 136;
+
+  // Could not process service private key.
+  INVALID_SERVICE_PRIVATE_KEY = 137;
+
+  // ClientIdentification and EncryptedClientIdentification were specified.
+  MULTIPLE_CLIENT_ID = 138;
+
+  // Message is a service certificate request.
+  SERVICE_CERTIFICATE_REQUEST_MESSAGE = 139;
+
+  // Invalid message type
+  INVALID_MESSAGE_TYPE = 140;
+
+  // Remote attestation verification failed.
+  REMOTE_ATTESTATION_FAILED = 141;
+
+  // can_play = true for license RELEASE response.
+  INVALID_RELEASE_CAN_PLAY_VALUE = 142;
+
+  // can_persist = false for offline license.
+  INVALID_OFFLINE_CAN_PERSIST = 143;
+
+  // Session usage table entry is malformed.
+  INVALID_SESSION_USAGE_TABLE_ENTRY = 144;
+
+  // Session usage table entry signature verification failed.
+  INVALID_SESSION_USAGE_SIGNATURE = 145;
+
+  // The type of ContentIdentification is unrecognized
+  INVALID_CONTENT_ID_TYPE = 146;
+
+  // Unknown InitData type.
+  UNKNOWN_INIT_DATA_TYPE = 147;
+
+  // InitData.init_data field is missing.
+  MISSING_INIT_DATA = 148;
+
+  // InitData contains invalid ISO BMFF boxes.
+  INVALID_CENC_INIT_DATA = 149;
+
+  // Malformed PSSH box.
+  INVALID_PSSH = 150;
+
+  // PSSH box version not supported.
+  UNSUPPORTED_PSSH_VERSION = 151;
+
+  // Widevine PSSH Data malformed.
+  INVALID_WIDEVINE_PSSH_DATA = 152;
+
+  // Device capabilities are too low for the specified output protection.
+  DEVICE_CAPABILITIES_TOO_LOW = 153;
+
+  // Invalid master signing key size. Must be 16 bytes.
+  INVALID_MASTER_SIGNING_KEY_SIZE = 154;
+
+  // Invalid signing key size. Must be 64 bytes.
+  INVALID_SIGNING_KEY_SIZE = 155;
+
+  // Keybox tokens not intialized.  PreProvisioning keys not loaded.
+  KEYBOX_TOKEN_KEYS_NOT_INITIALIZED = 156;
+
+  // Provider Id in device certificate does not match service Id for License
+  // server. Check cert used when initializing with AddDrmServiceCertificate().
+  PROVIDER_ID_MISMATCH = 157;
+
+  // Certificate chain not selected.
+  CERT_CHAIN_NOT_SELECTED = 158;
+
+  // Failed to read the SRM file from specified location.
+  INVALID_SRM_LOCATION = 159;
+
+  // Invalid SRM file size, HDCP2 SRM file must be at least 396 bytes.
+  INVALID_SRM_SIZE = 160;
+
+  // SRM file signature validation failed.
+  INVALID_SRM_SIGNATURE = 161;
+
+  // Unable to find provider.
+  MISSING_PROVIDER = 162;
+
+  // Unable to find group master key id.
+  MISSING_GROUP_MASTER_KEY_ID = 163;
+
+  // Unable to find group master key.
+  MISSING_GROUP_MASTER_KEY = 164;
+
+  // Invalid Provider session token size. Must be less than 256 bytes.
+  INVALID_PROVIDER_SESSION_TOKEN_SIZE = 165;
+
+  // Failure to decrypt data with service certificate private key.
+  SERVICE_PRIVATE_KEY_DECRYPT_ERROR = 166;
+
+  // Disallowed development certificate.
+  DEVELOPMENT_CERTIFICATE_NOT_ALLOWED = 167;
+
+  // Invalid message. E.g. Deserialization failed.
+  INVALID_MESSAGE = 168;
+
+  // Invalid key size.
+  INVALID_KEY_SIZE = 169;
+
+  // Invalid method parameter.
+  INVALID_PARAMETER = 170;
+
+}

protos/public/provisioned_device_info.proto

@@ -1,5 +1,5 @@
 ////////////////////////////////////////////////////////////////////////////////
-// Copyright 2016 Google Inc.
+// Copyright 2016 Google LLC.
 //
 // This software is licensed under the terms defined in the Widevine Master
 // License Agreement. For a copy of this agreement, please contact
@@ -26,6 +26,30 @@ message ProvisionedDeviceInfo {
     LEVEL_2 = 2;
     LEVEL_3 = 3;
   }
+  // Widevine initial provisioning / bootstrapping method. DRM certificates are
+  // required for retrieving licenses, so if a DRM certificate is not initially
+  // provisioned, then the provisioned credentials will be used to provision
+  // a DRM certificate via the Widevine Provisioning Service.
+  enum ProvisioningMethod {
+    // Don't use this.
+    PROVISIONING_METHOD_UNSPECIFIED = 0;
+    // Factory-provisioned device-unique keybox.
+    FACTORY_KEYBOX = 1;
+    // Factory-provisioned device-unique OEM certificate.
+    FACTORY_OEM_DEVICE_CERTIFICATE = 2;
+    // Factory-provisioned model-group OEM certificate.
+    FACTORY_OEM_GROUP_CERTIFICATE = 3;
+    // Factory-provisioned model-group DRM certificate (Level-3 "baked in").
+    FACTORY_DRM_GROUP_CERTIFICATE = 4;
+    // OTA-provisioned keybox (Level-1 ARC++).
+    OTA_KEYBOX = 5;
+    // OTA-provisioned device-unique OEM certificate.
+    OTA_OEM_DEVICE_CERTIFICATE = 6;
+    // OTA-provisioned model-group OEM certificate.
+    OTA_OEM_GROUP_CERTIFICATE = 7;
+    // OTA-provisioned device-unique DRM certificate (Bedrock).
+    OTA_DRM_DEVICE_CERTIFICATE = 8;
+  }
 
   // Widevine system ID for the device. Mandatory.
   optional uint32 system_id = 1;
@@ -44,4 +68,6 @@ message ProvisionedDeviceInfo {
   // True if the certificate corresponds to a test (non production) device.
   // Optional.
   optional bool test_device = 8 [default = false];
+  // Indicates the type of device root of trust which was factory provisioned.
+  optional ProvisioningMethod provisioning_method = 9;
 }

protos/public/remote_attestation.proto

@@ -0,0 +1,30 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2017 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+//
+// Description:
+//   Remote attestation is used by ChromeOS device to authenticate itself
+//   to Widevine services for both licensing and keybox provisioning.
+
+syntax = "proto2";
+
+package widevine;
+option java_package = "com.google.video.widevine.protos";
+
+import "protos/public/client_identification.proto";
+
+message RemoteAttestation {
+  // Encrypted ClientIdentification message containing the device remote
+  // attestation certificate. Required.
+  optional EncryptedClientIdentification certificate = 1;
+  // Bytes of salt which were added to the remote attestation challenge prior to
+  // signing it. Required.
+  optional bytes salt = 2;
+  // Signed remote attestation challenge + salt. Required.
+  optional bytes signature = 3;
+}
+

protos/public/signed_drm_certificate.proto

@@ -1,5 +1,5 @@
 ////////////////////////////////////////////////////////////////////////////////
-// Copyright 2016 Google Inc.
+// Copyright 2016 Google LLC.
 //
 // This software is licensed under the terms defined in the Widevine Master
 // License Agreement. For a copy of this agreement, please contact
@@ -12,16 +12,16 @@ syntax = "proto2";
 
 package widevine;
 
-option java_outer_classname = "SignedDeviceCertificateProtos";
+option java_outer_classname = "SignedDrmCertificateProtos";
 option java_package = "com.google.video.widevine.protos";
 
-// DrmDeviceCertificate signed by a higher (CA) DRM certificate.
-message SignedDrmDeviceCertificate {
+// DrmCertificate signed by a higher (CA) DRM certificate.
+message SignedDrmCertificate {
   // Serialized certificate. Required.
   optional bytes drm_certificate = 1;
   // Signature of certificate. Signed with root or intermediate
   // certificate specified below. Required.
   optional bytes signature = 2;
-  // SignedDrmDeviceCertificate used to sign this certificate.
-  optional SignedDrmDeviceCertificate signer = 3;
+  // SignedDrmCertificate used to sign this certificate.
+  optional SignedDrmCertificate signer = 3;
 }