////////////////////////////////////////////////////////////////////////////////
// Copyright 2017 Google LLC.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////

//
// Description:
//   DRM certificate object definition.

syntax = "proto2";

package widevine;

option java_outer_classname = "DrmCertificateProtos";
option java_package = "com.google.video.widevine.protos";


// Definition of the root of trust identifier proto. The proto message contains
// the EC-IES encrypted identifier (e.g. keybox unique id) for a device and
// an associated hash. These can be used by Widevine to identify the root of
// trust that was used to acquire a DRM certificate.
//
// In addition to the encrypted part and the hash, the proto contains the
// version of the root of trust id which implies the EC key algorithm that was
// used.
// Next id: 5
message RootOfTrustId {
  // The version specifies the EC algorithm that was used to generate the
  // root of trust id.
  enum RootOfTrustIdVersion {
    // Should not be used.
    ROOT_OF_TRUST_ID_VERSION_UNSPECIFIED = 0;
    // Version 1 of the ID uses EC-IES with SECP256R1 curve.
    ROOT_OF_TRUST_ID_VERSION_1 = 1;
  }
  optional RootOfTrustIdVersion version = 1;
  // The key_id is used for key rotation. It indicates which key was used to
  // generate the root of trust id.
  optional uint32 key_id = 2;

  // The EC-IES encrypted message containing the unique_id. The bytes are
  // a concatenation of
  //    1) The ephemeral public key. Uncompressed keypoint format per X9.62.
  //    2) The plaintext encrypted with the derived AES key using AES CBC,
  //       PKCS7 padding and a zerio iv.
  //    3) The HMAC SHA256 of the cipher text.
  optional bytes encrypted_unique_id = 3;

  // The hash of encrypted unique id and other values.
  // unique_id_hash = SHA256(
  //   encrypted_unique_id || system_id || SHA256(unique_id || secret_sauce)).
  optional bytes unique_id_hash = 4;
}

// DRM certificate definition for user devices, intermediate, service, and root
// certificates.
// Next id: 11
message DrmCertificate {
  enum Type {
    ROOT = 0;  // ProtoBestPractices: ignore.
    DEVICE_MODEL = 1;
    DEVICE = 2;
    SERVICE = 3;
    PROVISIONER = 4;
  }
  enum ServiceType {
    UNKNOWN_SERVICE_TYPE = 0;
    LICENSE_SERVER_SDK = 1;
    LICENSE_SERVER_PROXY_SDK = 2;
    PROVISIONING_SDK = 3;
    CAS_PROXY_SDK = 4;
  }
  enum Algorithm {
    UNKNOWN_ALGORITHM = 0;
    RSA = 1;
    ECC_SECP256R1 = 2;
    ECC_SECP384R1 = 3;
    ECC_SECP521R1 = 4;
  }
  // Type of certificate. Required.
  optional Type type = 1;
  // 128-bit globally unique serial number of certificate.
  // Value is 0 for root certificate. Required.
  optional bytes serial_number = 2;
  // POSIX time, in seconds, when the certificate was created. Required.
  optional uint32 creation_time_seconds = 3;
  // Device public key. PKCS#1 ASN.1 DER-encoded. Required.
  optional bytes public_key = 4;
  // Widevine system ID for the device. Required for intermediate and
  // user device certificates.
  optional uint32 system_id = 5;
  // Deprecated field, which used to indicate whether the device was a test
  // (non-production) device. The test_device field in ProvisionedDeviceInfo
  // below should be observed instead.
  optional bool test_device_deprecated = 6 [deprecated = true];
  // Service identifier (web origin) for the provider which owns the
  // certificate. Required for service and provisioner certificates.
  optional string provider_id = 7;
  // This field is used only when type = SERVICE to specify which SDK uses
  // service certificate. This repeated field is treated as a set. A certificate
  // may be used for the specified service SDK if the appropriate ServiceType
  // is specified in this field.
  repeated ServiceType service_types = 8;
  // Required. The algorithm field contains the curve used to create the
  // |public_key| if algorithm is one of the ECC types.
  // The |algorithm| is used for both to determine the if the certificate is ECC
  // or RSA. The |algorithm| also specifies the parameters that were used to
  // create |public_key| and are used to create an ephemeral session key.
  optional Algorithm algorithm = 9 [default = RSA];
  // Optional. May be present in DEVICE certificate types. This is the root
  // of trust identifier that holds an encrypted value that identifies the
  // keybox or other root of trust that was used to provision a DEVICE drm
  // certificate.
  optional RootOfTrustId rot_id = 10;
}