Support for group license

Content keys in ECM v3 can now additionally be encrypted by group
entitlement keys.

protos/public/hash_algorithm.proto

@@ -17,4 +17,5 @@ enum HashAlgorithmProto {
   HASH_ALGORITHM_UNSPECIFIED = 0;
   HASH_ALGORITHM_SHA_1 = 1;
   HASH_ALGORITHM_SHA_256 = 2;
+  HASH_ALGORITHM_SHA_384 = 3;
 }

protos/public/media_cas.proto

@@ -22,6 +22,9 @@ message CaDescriptorPrivateData {
   // Entitlement key IDs for current content per track. Each track will allow up
   // to 2 entitlement key ids (odd and even entitlement keys).
   repeated bytes entitlement_key_ids = 3;
+
+  // The groups ids this channel belongs to.
+  repeated bytes group_ids = 4;
 }
 
 // Widevine fingerprinting.
@@ -49,6 +52,15 @@ message ServiceBlocking {
 message EmmPayload {
   repeated Fingerprinting fingerprinting = 1;
   repeated ServiceBlocking service_blocking = 2;
+  // Epoch time in seconds. The time when the EMM is generated.
+  optional int64 timestamp_secs = 3;
+}
+
+message SignedEmmPayload {
+  // Serialized EmmPayload.
+  optional bytes serialized_payload = 1;
+  // ECC (Elliptic Curve Cryptography) signature of |serialized_payload|.
+  optional bytes signature = 2;
 }
 
 message EcmMetaData {
@@ -89,6 +101,18 @@ message EcmKeyData {
   optional bytes content_iv = 4;
 }
 
+message EcmGroupKeyData {
+  // Group id of this key data.
+  optional bytes group_id = 1;
+  // Required. The key data for the even slot. Fields wrapped_key_iv and
+  // content_iv may be omitted if it is the same as EcmPayload.even_key_data.
+  optional EcmKeyData even_key_data = 2;
+  // Optional. The key data for the odd slot if key rotation is enabled. Fields
+  // wrapped_key_iv and content_iv may be omitted if it is the same as
+  // EcmPayload.odd_key_data.
+  optional EcmKeyData odd_key_data = 3;
+}
+
 message EcmPayload {
   // Required. Meta info carried by the ECM.
   optional EcmMetaData meta_data = 1;
@@ -100,6 +124,9 @@ message EcmPayload {
   optional Fingerprinting fingerprinting = 4;
   // Optional. Widevine service blocking information.
   optional ServiceBlocking service_blocking = 5;
+  // If a channel belongs to a group, the content keys can additionally be
+  // encrypted by the group entitlement keys.
+  repeated EcmGroupKeyData group_key_data = 6;
 }
 
 // The payload field for an ECM with signature.

protos/public/media_cas_encryption.proto

@@ -27,9 +27,14 @@ message CasEncryptionRequest {
   // returned.
   optional bool key_rotation = 4;
   // Optional value which can be used to indicate a group.
-  // If present the CasEncryptionResponse will return key based on the group
-  // id.
+  // If present, the CasEncryptionResponse will return keys based on this group
+  // id, instead of |content_id|.
   optional bytes group_id = 5;
+  // Entitlement period index for media using entitlement key rotation. It
+  // always corresponds to the entitlement key period. If present, the
+  // entitlement keys returned will corresponds to the specified entitlement
+  // period index.
+  optional uint32 entitlement_period_index = 6;
 }
 
 message CasEncryptionResponse {