provisioning_sdk_source/protos/public/client_identification.proto

////////////////////////////////////////////////////////////////////////////////
// Copyright 2016 Google Inc.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////

//
// Description:
//   ClientIdentification messages used by provisioning and license protocols.

syntax = "proto2";

package widevine;
option java_package = "com.google.video.widevine.protos";

option java_outer_classname = "ClientIdentificationProtos";

// ClientIdentification message used to authenticate the client device.
message ClientIdentification {
  enum TokenType {
    KEYBOX = 0;
    DRM_DEVICE_CERTIFICATE = 1;
    REMOTE_ATTESTATION_CERTIFICATE = 2;
    OEM_DEVICE_CERTIFICATE = 3;
  }

  message NameValue {
    optional string name = 1;
    optional string value = 2;
  }

  // Capabilities which not all clients may support. Used for the license
  // exchange protocol only.
  message ClientCapabilities {
    enum HdcpVersion {
      HDCP_NONE = 0;
      HDCP_V1 = 1;
      HDCP_V2 = 2;
      HDCP_V2_1 = 3;
      HDCP_V2_2 = 4;
      HDCP_NO_DIGITAL_OUTPUT = 0xff;
    }

    enum CertificateKeyType {
      RSA_2048 = 0;
      RSA_3072 = 1;
    }

    optional bool client_token = 1 [default = false];
    optional bool session_token = 2 [default = false];
    optional bool video_resolution_constraints = 3 [default = false];
    optional HdcpVersion max_hdcp_version = 4 [default = HDCP_NONE];
    optional uint32 oem_crypto_api_version = 5;
    // Client has hardware support for protecting the usage table, such as
    // storing the generation number in secure memory.  For Details, see:
    // https://docs.google.com/document/d/1Mm8oB51SYAgry62mEuh_2OEkabikBiS61kN7HsDnh9Y/edit#heading=h.xgjl2srtytjt
    optional bool anti_rollback_usage_table = 6 [default = false];
    // The client shall report |srm_version| if available.
    optional uint32 srm_version = 7;
    // A device may have SRM data, and report a version, but may not be capable
    // of updating SRM data.
    optional bool can_update_srm = 8 [default = false];
    repeated CertificateKeyType supported_certificate_key_type = 9;
  }

  // Type of factory-provisioned device root of trust. Optional.
  optional TokenType type = 1 [default = KEYBOX];
  // Factory-provisioned device root of trust. Required.
  optional bytes token = 2;
  // Optional client information name/value pairs.
  repeated NameValue client_info = 3;
  // Client token generated by the content provider. Optional.
  optional bytes provider_client_token = 4;
  // Number of licenses received by the client to which the token above belongs.
  // Only present if client_token is specified.
  optional uint32 license_counter = 5;
  // List of non-baseline client capabilities.
  optional ClientCapabilities client_capabilities = 6;
  // Serialized VmpData message. Optional.
  optional bytes vmp_data = 7;
}

// EncryptedClientIdentification message used to hold ClientIdentification
// messages encrypted for privacy purposes.
message EncryptedClientIdentification {
  // Provider ID for which the ClientIdentifcation is encrypted (owner of
  // service certificate).
  optional string provider_id = 1;
  // Serial number for the service certificate for which ClientIdentification is
  // encrypted.
  optional bytes service_certificate_serial_number = 2;
  // Serialized ClientIdentification message, encrypted with the privacy key using
  // AES-128-CBC with PKCS#5 padding.
  optional bytes encrypted_client_id = 3;
  // Initialization vector needed to decrypt encrypted_client_id.
  optional bytes encrypted_client_id_iv = 4;
  // AES-128 privacy key, encrypted with the service public key using RSA-OAEP.
  optional bytes encrypted_privacy_key = 5;
}