Petri Hintukainen pushed to branch master at VideoLAN / libaacs
Commits:
2604f460 by npzacs at 2021-04-24T16:24:12+03:00
Factorize common code
- - - - -
ab5cea75 by npzacs at 2021-04-24T16:24:22+03:00
Move gcrypt code to crypto.c helper
- - - - -
414d47a5 by Petri Hintukainen at 2021-04-24T16:24:24+03:00
Remove tabs
- - - - -
00494733 by npzacs at 2021-04-24T16:24:27+03:00
Remove unused code
- - - - -
d6baeea3 by npzacs at 2021-04-24T16:24:30+03:00
Factorize duplicated code
- - - - -
6 changed files:
- src/examples/aacs_info.c
- src/file/keydbcfg-lexer.l
- src/libaacs/aacs.c
- src/libaacs/crypto.c
- src/libaacs/crypto.h
- src/libaacs/mkb.c
Changes:
=====================================
src/examples/aacs_info.c
=====================================
@@ -68,7 +68,7 @@ int main (int argc, char **argv)
if (argc < 2) {
fprintf(stderr, "Usage: aacs_info <path-to-disc-root>
[<path-to-config-file>]\n");
- exit(EXIT_FAILURE);
+ exit(EXIT_FAILURE);
}
aacs_get_version(&major, &minor, µ);
@@ -76,7 +76,7 @@ int main (int argc, char **argv)
aacs = aacs_init();
if (!aacs) {
- exit(EXIT_FAILURE);
+ exit(EXIT_FAILURE);
}
error_code = aacs_open_device(aacs, argv[1], argc > 2 ? argv[2] : NULL);
=====================================
src/file/keydbcfg-lexer.l
=====================================
@@ -32,9 +32,6 @@
int isatty(int i) { return 0; }
-#if 0
-static char *trim_string(const char *string);
-#endif
%}
/* Options to generate reentrant lexer that's POSIX lex compatible. The
* bison-bridge option is also set since bison forces the use of a parameter
@@ -91,7 +88,6 @@ BAD_ENTRY ([^\n])
{WHITESPACE} {}
<TITLE_STATE>{DISC_TITLE} {
- //yylval->string = trim_string(yytext);
yylval->string = yytext;
BEGIN INITIAL;
return DISC_TITLE;
@@ -143,21 +139,3 @@ BAD_ENTRY ([^\n])
{COMMENT} {}
{BAD_ENTRY} { return BAD_ENTRY; }
%%
-#if 0
-/* Function used to trim leading and trailing space from a string */
-static char *trim_string(const char *string)
-{
- int start = 0;
- int end = strlen(string);
- while (string[start] == ' ' || string[start] == '\t')
- start++;
- while (string[end] == '\0' || string[end] == ' ' || string[end] == '\t')
- end--;
- int size = end - start + 1;
-
- char *new_string = (char*)malloc(size + 1);
- strncpy(new_string, string + start, size);
- new_string[size] = '\0';
- return new_string;
-}
-#endif
\ No newline at end of file
=====================================
src/libaacs/aacs.c
=====================================
@@ -42,10 +42,6 @@
#include <inttypes.h>
#include <string.h>
#include <stdio.h>
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#include <gcrypt.h>
#define SECTOR_LEN 2048 /* bus encryption block size */
@@ -94,8 +90,6 @@ struct aacs {
static const uint8_t empty_key[20] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00,
0x00, 0x00, 0x00, 0x00 };
-static const uint8_t aacs_iv[16] = { 0x0b, 0xa0, 0xf8, 0xdd, 0xfe, 0xa6,
0x1f, 0xb3,
- 0xd8, 0xdf, 0x9f, 0x56, 0x6a, 0x05,
0x0f, 0x78 };
/*
* Validate processing key using media key verification data
@@ -1163,7 +1157,6 @@ static int _decrypt_unit(AACS *aacs, uint8_t *out_buf,
const uint8_t *in_buf, ui
{
/* inbuf == NULL means in-place decryption */
- gcry_cipher_hd_t gcry_h;
int a;
uint8_t key[16];
@@ -1171,24 +1164,17 @@ static int _decrypt_unit(AACS *aacs, uint8_t *out_buf,
const uint8_t *in_buf, ui
memcpy(out_buf, in_buf, 16); /* first 16 bytes are plain */
}
- gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0);
- gcry_cipher_setkey(gcry_h, aacs->uk->uk[curr_uk].key, 16);
- gcry_cipher_encrypt(gcry_h, key, 16, out_buf, 16); /* here out_buf is
plain data fron in_buf */
- gcry_cipher_close(gcry_h);
+ crypto_aes128e(aacs->uk->uk[curr_uk].key, out_buf, key);
for (a = 0; a < 16; a++) {
key[a] ^= out_buf[a]; /* here out_buf is plain data fron in_buf */
}
- gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
- gcry_cipher_setkey(gcry_h, key, 16);
- gcry_cipher_setiv(gcry_h, aacs_iv, 16);
if (BD_UNLIKELY(in_buf != NULL)) {
- gcry_cipher_decrypt(gcry_h, out_buf + 16, ALIGNED_UNIT_LEN - 16,
in_buf + 16, ALIGNED_UNIT_LEN - 16);
+ crypto_aacs_decrypt(key, out_buf + 16, ALIGNED_UNIT_LEN - 16, in_buf +
16, ALIGNED_UNIT_LEN - 16);
} else {
- gcry_cipher_decrypt(gcry_h, out_buf + 16, ALIGNED_UNIT_LEN - 16, NULL,
0);
+ crypto_aacs_decrypt(key, out_buf + 16, ALIGNED_UNIT_LEN - 16, NULL, 0);
}
- gcry_cipher_close(gcry_h);
if (_verify_ts(out_buf)) {
return 1;
@@ -1197,17 +1183,6 @@ static int _decrypt_unit(AACS *aacs, uint8_t *out_buf,
const uint8_t *in_buf, ui
return 0;
}
-static void _decrypt_bus(AACS *aacs, uint8_t *buf)
-{
- gcry_cipher_hd_t gcry_h;
-
- gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
- gcry_cipher_setkey(gcry_h, aacs->read_data_key, 16);
- gcry_cipher_setiv(gcry_h, aacs_iv, 16);
- gcry_cipher_decrypt(gcry_h, buf + 16, SECTOR_LEN - 16, NULL, 0);
- gcry_cipher_close(gcry_h);
-}
-
/*
* libaacs API
*/
@@ -1365,7 +1340,8 @@ static void _decrypt_unit_bus(AACS *aacs, uint8_t *buf)
if (aacs->bee && aacs->bec) {
unsigned int i;
for (i = 0; i < ALIGNED_UNIT_LEN; i += SECTOR_LEN) {
- _decrypt_bus(aacs, buf + i);
+ //_decrypt_bus(aacs, buf + i);
+ crypto_aacs_decrypt(aacs->read_data_key, buf + i + 16, SECTOR_LEN
- 16, NULL, 0);
}
}
}
=====================================
src/libaacs/crypto.c
=====================================
@@ -143,6 +143,16 @@ int crypto_init()
return crypto_init_check;
}
+void crypto_aes128e(const uint8_t *key, const uint8_t *data, uint8_t *dst)
+{
+ gcry_cipher_hd_t gcry_h;
+
+ gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0);
+ gcry_cipher_setkey(gcry_h, key, 16);
+ gcry_cipher_encrypt(gcry_h, dst, 16, data, 16);
+ gcry_cipher_close(gcry_h);
+}
+
void crypto_aes128d(const uint8_t *key, const uint8_t *data, uint8_t *dst)
{
gcry_cipher_hd_t gcry_h;
@@ -228,6 +238,26 @@ void crypto_aes_cmac_16(const unsigned char *data, const
unsigned char *aes_key,
gcry_cipher_close(gcry_h);
}
+/*
+ *
+ */
+
+void crypto_aacs_decrypt(const uint8_t *key, uint8_t *out, size_t out_size,
const uint8_t *in, size_t in_size)
+{
+ static const uint8_t aacs_iv[16] = { 0x0b, 0xa0, 0xf8, 0xdd, 0xfe, 0xa6,
0x1f, 0xb3,
+ 0xd8, 0xdf, 0x9f, 0x56, 0x6a, 0x05,
0x0f, 0x78 };
+ gcry_cipher_hd_t gcry_h;
+
+ gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
+ gcry_cipher_setkey(gcry_h, key, 16);
+ gcry_cipher_setiv(gcry_h, aacs_iv, 16);
+ gcry_cipher_decrypt(gcry_h, out, out_size, in, in_size);
+ gcry_cipher_close(gcry_h);
+}
+
+/*
+ *
+ */
#if defined(HAVE_STRERROR_R) && defined(HAVE_LIBGPG_ERROR)
#define LOG_GCRY_ERROR(msg, func, err) \
=====================================
src/libaacs/crypto.h
=====================================
@@ -26,11 +26,14 @@
#include <stdint.h>
BD_PRIVATE int crypto_init(void);
+BD_PRIVATE void crypto_aes128e(const uint8_t *key, const uint8_t *data,
uint8_t *dst);
BD_PRIVATE void crypto_aes128d(const uint8_t *key, const uint8_t *data,
uint8_t *dst);
BD_PRIVATE void crypto_aesg3(const uint8_t *D, uint8_t *lsubk, uint8_t* rsubk,
uint8_t *pk); // returns left, centre, right
keys
BD_PRIVATE void crypto_aes_cmac_16(const unsigned char *data, const unsigned
char *aes_key, unsigned char *cmac);
+BD_PRIVATE void crypto_aacs_decrypt(const uint8_t *key, uint8_t *out, size_t
out_size, const uint8_t *in, size_t in_size);
+
BD_PRIVATE void crypto_aacs_sign(const uint8_t *cert, const uint8_t *priv_key,
uint8_t *signature,
const uint8_t *nonce, const uint8_t *point);
=====================================
src/libaacs/mkb.c
=====================================
@@ -122,6 +122,21 @@ size_t mkb_data_size(MKB *mkb)
return pos;
}
+static const uint8_t *_simple_record(MKB *mkb, uint8_t type, size_t *len)
+{
+ const uint8_t *rec = _record(mkb, type, len);
+
+ if (*len < 4) {
+ return NULL;
+ }
+ if (rec) {
+ rec += 4;
+ *len -= 4;
+ }
+
+ return rec;
+}
+
uint32_t mkb_type(MKB *mkb)
{
@@ -157,65 +172,24 @@ const uint8_t *mkb_type_and_version_record(MKB *mkb)
return rec;
}
-
const uint8_t *mkb_host_revokation_entries(MKB *mkb, size_t *len)
{
- const uint8_t *rec = _record(mkb, 0x21, len);
-
- if (*len < 4) {
- return NULL;
- }
- if (rec) {
- rec += 4;
- *len -= 4;
- }
-
- return rec;
+ return _simple_record(mkb, 0x21, len);
}
const uint8_t *mkb_drive_revokation_entries(MKB *mkb, size_t *len)
{
- const uint8_t *rec = _record(mkb, 0x20, len);
-
- if (*len < 4) {
- return NULL;
- }
- if (rec) {
- rec += 4;
- *len -= 4;
- }
-
- return rec;
+ return _simple_record(mkb, 0x20, len);
}
const uint8_t *mkb_subdiff_records(MKB *mkb, size_t *len)
{
- const uint8_t *rec = _record(mkb, 0x04, len);
-
- if (*len < 4) {
- return NULL;
- }
- if (rec) {
- rec += 4;
- *len -= 4;
- }
-
- return rec;
+ return _simple_record(mkb, 0x04, len);
}
const uint8_t *mkb_cvalues(MKB *mkb, size_t *len)
{
- const uint8_t *rec = _record(mkb, 0x05, len);
-
- if (*len < 4) {
- return NULL;
- }
- if (rec) {
- rec += 4;
- *len -= 4;
- }
-
- return rec;
+ return _simple_record(mkb, 0x05, len);
}
const uint8_t *mkb_mk_dv(MKB *mkb)
@@ -237,33 +211,18 @@ const uint8_t *mkb_mk_dv(MKB *mkb)
break;
}
- rec = _record(mkb, dv_record, &len);
+ rec = _simple_record(mkb, dv_record, &len);
- if (len < 20) {
+ if (len < 16) {
return NULL;
}
- if (rec) {
- rec += 4;
- }
-
return rec;
}
const uint8_t *mkb_signature(MKB *mkb, size_t *len)
{
- const uint8_t *rec = _record(mkb, 0x02, len);
-
- if (*len < 4) {
- return NULL;
- }
- if (rec) {
- rec += 4;
- *len -= 4;
- }
-
- return rec;
-
+ return _simple_record(mkb, 0x02, len);
}
static int _cert_is_revoked(const uint8_t *rl, size_t rl_size, const uint8_t
*cert_id_bin)
View it on GitLab:
https://code.videolan.org/videolan/libaacs/-/compare/b9d3bfcdf240b19a9fc6212dec7a9b6c50b5fb8d...d6baeea38cacb385ca525da53d8a30dde0eafefd
--
View it on GitLab:
https://code.videolan.org/videolan/libaacs/-/compare/b9d3bfcdf240b19a9fc6212dec7a9b6c50b5fb8d...d6baeea38cacb385ca525da53d8a30dde0eafefd
You're receiving this email because of your account on code.videolan.org.
_______________________________________________
libaacs-devel mailing list
libaacs-devel@videolan.org
https://mailman.videolan.org/listinfo/libaacs-devel
