syntax = "proto2";
package video_widevine;
option java_package = "com.google.video.widevine.protos";
option optimize_for = LITE_RUNTIME;
enum LicenseType {
STREAMING = 1;
OFFLINE = 2;
}
enum ProtocolVersion {
VERSION_2_0 = 20;
VERSION_2_1 = 21;
}
message LicenseIdentification {
optional bytes request_id = 1;
optional bytes session_id = 2;
optional bytes purchase_id = 3;
optional .video_widevine.LicenseType type = 4;
optional int32 version = 5;
optional bytes provider_session_token = 6;
}
message License {
message Policy {
optional bool can_play = 1 [default = false];
optional bool can_persist = 2 [default = false];
optional bool can_renew = 3 [default = false];
optional int64 rental_duration_seconds = 4 [default = 0];
optional int64 playback_duration_seconds = 5 [default = 0];
optional int64 license_duration_seconds = 6 [default = 0];
optional int64 renewal_recovery_duration_seconds = 7 [default = 0];
optional string renewal_server_url = 8;
optional int64 renewal_delay_seconds = 9 [default = 0];
optional int64 renewal_retry_interval_seconds = 10 [default = 0];
optional bool renew_with_usage = 11 [default = false];
optional bool always_include_client_id = 12 [default = false];
optional int64 play_start_grace_period_seconds = 13 [default = 0];
optional bool soft_enforce_playback_duration = 14 [default = false];
}
message KeyContainer {
message KeyControl {
optional bytes key_control_block = 1;
optional bytes iv = 2;
}
message OutputProtection {
enum HDCP {
HDCP_NONE = 0;
HDCP_V1 = 1;
HDCP_V2 = 2;
HDCP_V2_1 = 3;
HDCP_V2_2 = 4;
HDCP_NO_DIGITAL_OUTPUT = 255;
}
enum CGMS {
CGMS_NONE = 42;
COPY_FREE = 0;
COPY_ONCE = 2;
COPY_NEVER = 3;
}
optional .video_widevine.License.KeyContainer.OutputProtection.HDCP hdcp = 1 [default = HDCP_NONE];
optional .video_widevine.License.KeyContainer.OutputProtection.CGMS cgms_flags = 2 [default = CGMS_NONE];
}
message VideoResolutionConstraint {
optional uint32 min_resolution_pixels = 1;
optional uint32 max_resolution_pixels = 2;
optional .video_widevine.License.KeyContainer.OutputProtection required_protection = 3;
}
message OperatorSessionKeyPermissions {
optional bool allow_encrypt = 1 [default = false];
optional bool allow_decrypt = 2 [default = false];
optional bool allow_sign = 3 [default = false];
optional bool allow_signature_verify = 4 [default = false];
}
enum KeyType {
SIGNING = 1;
CONTENT = 2;
KEY_CONTROL = 3;
OPERATOR_SESSION = 4;
SUB_SESSION = 5;
}
enum SecurityLevel {
SW_SECURE_CRYPTO = 1;
SW_SECURE_DECODE = 2;
HW_SECURE_CRYPTO = 3;
HW_SECURE_DECODE = 4;
HW_SECURE_ALL = 5;
}
optional bytes id = 1;
optional bytes iv = 2;
optional bytes key = 3;
optional .video_widevine.License.KeyContainer.KeyType type = 4;
optional .video_widevine.License.KeyContainer.SecurityLevel level = 5 [default = SW_SECURE_CRYPTO];
optional .video_widevine.License.KeyContainer.OutputProtection required_protection = 6;
optional .video_widevine.License.KeyContainer.OutputProtection requested_protection = 7;
optional .video_widevine.License.KeyContainer.KeyControl key_control = 8;
optional .video_widevine.License.KeyContainer.OperatorSessionKeyPermissions operator_session_key_permissions = 9;
repeated .video_widevine.License.KeyContainer.VideoResolutionConstraint video_resolution_constraints = 10;
optional bool anti_rollback_usage_table = 11 [default = false];
optional string track_label = 12;
}
optional .video_widevine.LicenseIdentification id = 1;
optional .video_widevine.License.Policy policy = 2;
repeated .video_widevine.License.KeyContainer key = 3;
optional int64 license_start_time = 4;
optional bool remote_attestation_verified = 5 [default = false];
optional bytes provider_client_token = 6;
optional uint32 protection_scheme = 7;
optional bytes srm_requirement = 8;
optional bytes srm_update = 9;
}
message LicenseRequest {
message ContentIdentification {
message CencDeprecated {
repeated bytes pssh = 1;
optional .video_widevine.LicenseType license_type = 2;
optional bytes request_id = 3;
}
message WebmDeprecated {
optional bytes header = 1;
optional .video_widevine.LicenseType license_type = 2;
optional bytes request_id = 3;
}
message ExistingLicense {
optional .video_widevine.LicenseIdentification license_id = 1;
optional int64 seconds_since_started = 2;
optional int64 seconds_since_last_played = 3;
optional bytes session_usage_table_entry = 4;
}
message InitData {
enum InitDataType {
CENC = 1;
WEBM = 2;
}
optional .video_widevine.LicenseRequest.ContentIdentification.InitData.InitDataType init_data_type = 1 [default = CENC];
optional bytes init_data = 2;
optional .video_widevine.LicenseType license_type = 3;
optional bytes request_id = 4;
}
optional .video_widevine.LicenseRequest.ContentIdentification.CencDeprecated cenc_id_deprecated = 1;
optional .video_widevine.LicenseRequest.ContentIdentification.WebmDeprecated webm_id_deprecated = 2;
optional .video_widevine.LicenseRequest.ContentIdentification.ExistingLicense existing_license = 3;
optional .video_widevine.LicenseRequest.ContentIdentification.InitData init_data = 4;
}
message SubSessionData {
optional string sub_session_key_id = 1;
optional uint32 nonce = 2;
optional string track_label = 3;
}
enum RequestType {
NEW = 1;
RENEWAL = 2;
RELEASE = 3;
}
optional .video_widevine.ClientIdentification client_id = 1;
optional .video_widevine.LicenseRequest.ContentIdentification content_id = 2;
optional .video_widevine.LicenseRequest.RequestType type = 3;
optional int64 request_time = 4;
optional bytes key_control_nonce_deprecated = 5;
optional .video_widevine.ProtocolVersion protocol_version = 6 [default = VERSION_2_0];
optional uint32 key_control_nonce = 7;
optional .video_widevine.EncryptedClientIdentification encrypted_client_id = 8;
repeated .video_widevine.LicenseRequest.SubSessionData sub_session_data = 9;
}
message LicenseError {
enum Error {
INVALID_DRM_DEVICE_CERTIFICATE = 1;
REVOKED_DRM_DEVICE_CERTIFICATE = 2;
SERVICE_UNAVAILABLE = 3;
}
optional .video_widevine.LicenseError.Error error_code = 1;
}
message MetricData {
message TypeValue {
optional .video_widevine.MetricData.MetricType type = 1;
optional int64 value = 2 [default = 0];
}
enum MetricType {
LATENCY = 1;
TIMESTAMP = 2;
}
optional string stage_name = 1;
repeated .video_widevine.MetricData.TypeValue metric_data = 2;
}
message RemoteAttestation {
optional .video_widevine.EncryptedClientIdentification certificate = 1;
optional bytes salt = 2;
optional bytes signature = 3;
}
message SignedMessage {
enum MessageType {
LICENSE_REQUEST = 1;
LICENSE = 2;
ERROR_RESPONSE = 3;
SERVICE_CERTIFICATE_REQUEST = 4;
SERVICE_CERTIFICATE = 5;
}
optional .video_widevine.SignedMessage.MessageType type = 1;
optional bytes msg = 2;
optional bytes signature = 3;
optional bytes session_key = 4;
optional .video_widevine.RemoteAttestation remote_attestation = 5;
repeated .video_widevine.MetricData metric_data = 6;
}
message SignedLicenseRequest {
optional .video_widevine.SignedMessage.MessageType type = 1;
optional .video_widevine.LicenseRequest msg = 2;
optional bytes signature = 3;
optional bytes session_key = 4;
optional .video_widevine.RemoteAttestation remote_attestation = 5;
repeated .video_widevine.MetricData metric_data = 6;
}
message SignedLicense {
optional .video_widevine.SignedMessage.MessageType type = 1;
optional .video_widevine.License msg = 2;
optional bytes signature = 3;
optional bytes session_key = 4;
optional .video_widevine.RemoteAttestation remote_attestation = 5;
repeated .video_widevine.MetricData metric_data = 6;
}
message GroupKeys {
message GroupKeyData {
optional string track_type = 1;
optional bytes key = 2;
}
enum GroupLicenseVersion {
GROUP_LICENSE_VERSION_1 = 0;
GROUP_LICENSE_VERSION_2 = 1;
}
repeated .video_widevine.License.KeyContainer key = 1 [deprecated = true];
optional bytes group_id = 2;
optional .video_widevine.GroupKeys.GroupLicenseVersion version = 3 [default = GROUP_LICENSE_VERSION_1];
repeated .video_widevine.GroupKeys.GroupKeyData key_data = 4;
}
message ProvisioningOptions {
enum CertificateType {
WIDEVINE_DRM = 0;
X509 = 1;
}
optional .video_widevine.ProvisioningOptions.CertificateType certificate_type = 1 [default = WIDEVINE_DRM];
optional string certificate_authority = 2;
}
message ProvisioningRequest {
optional .video_widevine.ClientIdentification client_id = 1;
optional .video_widevine.EncryptedClientIdentification encrypted_client_id = 5;
optional bytes nonce = 2;
optional .video_widevine.ProvisioningOptions options = 3;
optional bytes stable_id = 4;
optional bytes provider_id = 6;
optional bytes spoid = 7;
}
message ProvisioningResponse {
optional bytes device_rsa_key = 1;
optional bytes device_rsa_key_iv = 2;
optional bytes device_certificate = 3;
optional bytes nonce = 4;
optional bytes wrapping_key = 5;
}
message SignedProvisioningMessage {
enum ProtocolVersion {
VERSION_2 = 2;
VERSION_3 = 3;
}
optional bytes message = 1;
optional bytes signature = 2;
optional .video_widevine.SignedProvisioningMessage.ProtocolVersion protocol_version = 3 [default = VERSION_2];
}
message ClientIdentification {
message NameValue {
optional string name = 1;
optional string value = 2;
}
message ClientCapabilities {
enum HdcpVersion {
HDCP_NONE = 0;
HDCP_V1 = 1;
HDCP_V2 = 2;
HDCP_V2_1 = 3;
HDCP_V2_2 = 4;
HDCP_NO_DIGITAL_OUTPUT = 255;
}
enum CertificateKeyType {
RSA_2048 = 0;
RSA_3072 = 1;
}
optional bool client_token = 1 [default = false];
optional bool session_token = 2 [default = false];
optional bool video_resolution_constraints = 3 [default = false];
optional .video_widevine.ClientIdentification.ClientCapabilities.HdcpVersion max_hdcp_version = 4 [default = HDCP_NONE];
optional uint32 oem_crypto_api_version = 5;
optional bool anti_rollback_usage_table = 6 [default = false];
optional uint32 srm_version = 7;
optional bool can_update_srm = 8 [default = false];
repeated .video_widevine.ClientIdentification.ClientCapabilities.CertificateKeyType supported_certificate_key_type = 9;
}
enum TokenType {
KEYBOX = 0;
DRM_DEVICE_CERTIFICATE = 1;
REMOTE_ATTESTATION_CERTIFICATE = 2;
OEM_DEVICE_CERTIFICATE = 3;
}
optional .video_widevine.ClientIdentification.TokenType type = 1 [default = KEYBOX];
optional bytes token = 2;
repeated .video_widevine.ClientIdentification.NameValue client_info = 3;
optional bytes provider_client_token = 4;
optional uint32 license_counter = 5;
optional .video_widevine.ClientIdentification.ClientCapabilities client_capabilities = 6;
optional bytes vmp_data = 7;
}
message EncryptedClientIdentification {
optional string provider_id = 1;
optional bytes service_certificate_serial_number = 2;
optional bytes encrypted_client_id = 3;
optional bytes encrypted_client_id_iv = 4;
optional bytes encrypted_privacy_key = 5;
}
message DrmDeviceCertificate {
enum CertificateType {
ROOT = 0;
DRM_INTERMEDIATE = 1;
DRM_USER_DEVICE = 2;
SERVICE = 3;
PROVISIONER = 4;
}
optional .video_widevine.DrmDeviceCertificate.CertificateType type = 1;
optional bytes serial_number = 2;
optional uint32 creation_time_seconds = 3;
optional bytes public_key = 4;
optional uint32 system_id = 5;
optional bool test_device_deprecated = 6 [deprecated = true];
optional string provider_id = 7;
}
message DeviceCertificateStatus {
enum Status {
VALID = 0;
REVOKED = 1;
}
optional bytes drm_serial_number = 1;
optional .video_widevine.DeviceCertificateStatus.Status status = 2 [default = VALID];
optional .video_widevine.ProvisionedDeviceInfo device_info = 4;
optional bytes oem_serial_number = 5;
}
message DeviceCertificateStatusList {
optional uint32 creation_time_seconds = 1;
repeated .video_widevine.DeviceCertificateStatus certificate_status = 2;
}
message SignedCertificateStatusList {
optional bytes certificate_status_list = 1;
optional bytes signature = 2;
}
message ProvisionedDeviceInfo {
enum WvSecurityLevel {
LEVEL_UNSPECIFIED = 0;
LEVEL_1 = 1;
LEVEL_2 = 2;
LEVEL_3 = 3;
}
optional uint32 system_id = 1;
optional string soc = 2;
optional string manufacturer = 3;
optional string model = 4;
optional string device_type = 5;
optional uint32 model_year = 6;
optional .video_widevine.ProvisionedDeviceInfo.WvSecurityLevel security_level = 7 [default = LEVEL_UNSPECIFIED];
optional bool test_device = 8 [default = false];
}
message SubLicense {
optional string sub_session_key_id = 1;
optional bytes key_msg = 2;
}
message WidevinePsshData {
enum Algorithm {
UNENCRYPTED = 0;
AESCTR = 1;
}
optional .video_widevine.WidevinePsshData.Algorithm algorithm = 1;
repeated bytes key_id = 2;
optional string provider = 3;
optional bytes content_id = 4;
optional string track_type_deprecated = 5;
optional string policy = 6 [deprecated = true];
optional uint32 crypto_period_index = 7;
optional bytes grouped_license = 8;
optional uint32 protection_scheme = 9;
optional uint32 crypto_period_seconds = 10;
repeated .video_widevine.SubLicense sub_licenses = 11;
optional string group_master_key_id = 12;
}
message SignedDrmDeviceCertificate {
optional bytes drm_certificate = 1;
optional bytes signature = 2;
optional .video_widevine.SignedDrmDeviceCertificate signer = 3;
}