ODK and Shared Libraries

In this code drop we introduce the ODK dependency. The reference
implementation has been updated to make use of the ODK and the related
tests have been included.

In addition, we have included an example of how a shared libraries can
be created. This will allow make it easier to test and verify different
implementations of the API.

Most other changes introduce by this code drop were made to clean-up the
reference implementation and limit dependencies.

chromium_deps/cdm/protos/defs/BUILD

@@ -5,6 +5,13 @@ package(default_visibility = ["//visibility:public"])
 
 load("@com_google_protobuf//:protobuf.bzl", "cc_proto_library")
 
+cc_proto_library(
+    name = "certificate_provisioning_proto",
+    srcs = ["certificate_provisioning.proto"],
+    default_runtime = "@com_google_protobuf//:protobuf",
+    protoc = "@com_google_protobuf//:protoc",
+)
+
 cc_proto_library(
     name = "client_identification_proto",
     srcs = ["client_identification.proto"],

chromium_deps/cdm/protos/defs/certificate_provisioning.proto

@@ -0,0 +1,43 @@
+// Copyright 2020 Google LLC. All Rights Reserved.
+
+// This file is a reduced copy from the Google3 code and is only here to allow
+// the ODK code to compile. This is not used in the CDM.
+
+syntax = "proto2";
+
+package video_widevine;
+
+// Provisioning response sent by the provisioning server to client devices.
+// This message is used for both regular Widevine DRM certificates and for
+// application-specific X.509 certificates.
+message ProvisioningResponse {
+  message OtaKeybox {
+    // Iv used along with SessionKeys.encryption_key for encrypting device key.
+    optional bytes device_key_encryption_iv = 1;
+    // Device key component of the keybox, encrypted using the
+    // SessionKeys.encryption_key in the request and |device_key_encryption_iv|
+    // above.
+    optional bytes encrypted_device_key = 2;
+    // Device CA token component of the keybox.
+    optional bytes device_ca_token = 3;
+  }
+  // AES-128 encrypted device private RSA key. PKCS#1 ASN.1 DER-encoded.
+  // Required. For X.509 certificates, the private RSA key may also include
+  // a prefix as specified by private_key_prefix in the X509CertificateMetadata
+  // proto message.
+  optional bytes device_rsa_key = 1;
+  // Initialization vector used to encrypt device_rsa_key. Required.
+  optional bytes device_rsa_key_iv = 2;
+  // For Widevine DRM certificates, this contains the serialized
+  // SignedDrmCertificate. For X.509 certificates, this contains the PEM
+  // encoded X.509 certificate. Required.
+  optional bytes device_certificate = 3;
+  // Nonce value matching nonce in ProvisioningRequest. Required.
+  optional bytes nonce = 4;
+  // Key used to wrap device_rsa_key when DRM provisioning an OEM factory
+  // provisioned device. Encrypted with the device OEM public key using
+  // RSA-OAEP.
+  optional bytes wrapping_key = 5;
+  // Only populated in OTA keybox provisioning response.
+  optional OtaKeybox ota_keybox = 6;
+}

chromium_deps/cdm/protos/defs/license_protocol.proto

@@ -111,6 +111,13 @@ message License {
     // Enables "soft enforcement" of playback_duration_seconds, letting the user
     // finish playback even if short window expires. Optional.
     optional bool soft_enforce_playback_duration = 14 [default = false];
+
+    // Enables "soft enforcement" of rental_duration_seconds. Initial playback
+    // must always start before rental duration expires.  In order to allow
+    // subsequent playbacks to start after the rental duration expires,
+    // soft_enforce_playback_duration must be true. Otherwise, subsequent
+    // playbacks will not be allowed once rental duration expires. Optional.
+    optional bool soft_enforce_rental_duration = 15 [default = true];
   }
   // LINT.ThenChange(//depot/google3/google/chrome/widevine/licensedata/v1/license_policy.proto)