// Copyright 2020 Google LLC. All Rights Reserved.

// This file is a reduced copy from the Google3 code and is only here to allow
// the ODK code to compile. This is not used in the CDM.

syntax = "proto2";

package video_widevine;

// Provisioning response sent by the provisioning server to client devices.
// This message is used for both regular Widevine DRM certificates and for
// application-specific X.509 certificates.
message ProvisioningResponse {
  message OtaKeybox {
    // Iv used along with SessionKeys.encryption_key for encrypting device key.
    optional bytes device_key_encryption_iv = 1;
    // Device key component of the keybox, encrypted using the
    // SessionKeys.encryption_key in the request and |device_key_encryption_iv|
    // above.
    optional bytes encrypted_device_key = 2;
    // Device CA token component of the keybox.
    optional bytes device_ca_token = 3;
  }
  // AES-128 encrypted device private RSA key. PKCS#1 ASN.1 DER-encoded.
  // Required. For X.509 certificates, the private RSA key may also include
  // a prefix as specified by private_key_prefix in the X509CertificateMetadata
  // proto message.
  optional bytes device_rsa_key = 1;
  // Initialization vector used to encrypt device_rsa_key. Required.
  optional bytes device_rsa_key_iv = 2;
  // For Widevine DRM certificates, this contains the serialized
  // SignedDrmCertificate. For X.509 certificates, this contains the PEM
  // encoded X.509 certificate. Required.
  optional bytes device_certificate = 3;
  // Nonce value matching nonce in ProvisioningRequest. Required.
  optional bytes nonce = 4;
  // Key used to wrap device_rsa_key when DRM provisioning an OEM factory
  // provisioned device. Encrypted with the device OEM public key using
  // RSA-OAEP.
  optional bytes wrapping_key = 5;
  // Only populated in OTA keybox provisioning response.
  optional OtaKeybox ota_keybox = 6;
}