/**
* Return a newly allocated counter-mode AES128 cipher implementation,
* using the 128-bit key <b>key</b> and the 128-bit IV <b>iv</b>.
*/
aes_cnt_cipher_t*
aes_new_cipher(const char *key, const char *iv)
{
aes_cnt_cipher_t* result = tor_malloc_zero(sizeof(aes_cnt_cipher_t));
aes_set_key(result, key, 128);
aes_set_iv(result, iv);
return result;
}
/**
* Return a newly allocated counter-mode AES128 cipher implementation,
* using the 128-bit key <b>key</b> and the 128-bit IV <b>iv</b>.
*/
aes_cnt_cipher_t*
aes_new_cipher(const uint8_t *key, const uint8_t *iv, int bits)
{
aes_cnt_cipher_t* result = tor_malloc_zero(sizeof(aes_cnt_cipher_t));
aes_set_key(result, key, bits);
aes_set_iv(result, iv);
return result;
}
int srtp_encrypt(struct srtp *srtp, struct mbuf *mb)
{
struct srtp_stream *strm;
struct rtp_header hdr;
struct comp *comp;
size_t start;
uint64_t ix;
int err;
if (!srtp || !mb)
return EINVAL;
comp = &srtp->rtp;
start = mb->pos;
err = rtp_hdr_decode(&hdr, mb);
if (err)
return err;
err = stream_get_seq(&strm, srtp, hdr.ssrc, hdr.seq);
if (err)
return err;
/* Roll-Over Counter (ROC) */
if (seq_diff(strm->s_l, hdr.seq) <= -32768) {
strm->roc++;
strm->s_l = 0;
}
ix = 65536ULL * strm->roc + hdr.seq;
if (comp->aes) {
union vect128 iv;
uint8_t *p = mbuf_buf(mb);
srtp_iv_calc(&iv, &comp->k_s, strm->ssrc, ix);
aes_set_iv(comp->aes, iv.u8);
err = aes_encr(comp->aes, p, p, mbuf_get_left(mb));
if (err)
return err;
}
if (comp->hmac) {
const size_t tag_start = mb->end;
uint8_t tag[SHA_DIGEST_LENGTH];
mb->pos = tag_start;
err = mbuf_write_u32(mb, htonl(strm->roc));
if (err)
return err;
mb->pos = start;
err = hmac_digest(comp->hmac, tag, sizeof(tag),
mbuf_buf(mb), mbuf_get_left(mb));
if (err)
return err;
mb->pos = mb->end = tag_start;
err = mbuf_write_mem(mb, tag, comp->tag_len);
if (err)
return err;
}
if (hdr.seq > strm->s_l)
strm->s_l = hdr.seq;
mb->pos = start;
return 0;
}
int srtp_decrypt(struct srtp *srtp, struct mbuf *mb)
{
struct srtp_stream *strm;
struct rtp_header hdr;
struct comp *comp;
uint64_t ix;
size_t start;
int diff;
int err;
if (!srtp || !mb)
return EINVAL;
comp = &srtp->rtp;
start = mb->pos;
err = rtp_hdr_decode(&hdr, mb);
if (err)
return err;
err = stream_get_seq(&strm, srtp, hdr.ssrc, hdr.seq);
if (err)
return err;
diff = seq_diff(strm->s_l, hdr.seq);
if (diff > 32768)
return ETIMEDOUT;
/* Roll-Over Counter (ROC) */
if (diff <= -32768) {
strm->roc++;
strm->s_l = 0;
}
ix = srtp_get_index(strm->roc, strm->s_l, hdr.seq);
if (comp->hmac) {
uint8_t tag_calc[SHA_DIGEST_LENGTH];
uint8_t tag_pkt[SHA_DIGEST_LENGTH];
size_t pld_start, tag_start;
if (mbuf_get_left(mb) < comp->tag_len)
return EBADMSG;
pld_start = mb->pos;
tag_start = mb->end - comp->tag_len;
mb->pos = tag_start;
err = mbuf_read_mem(mb, tag_pkt, comp->tag_len);
if (err)
return err;
mb->pos = mb->end = tag_start;
err = mbuf_write_u32(mb, htonl(strm->roc));
if (err)
return err;
mb->pos = start;
err = hmac_digest(comp->hmac, tag_calc, sizeof(tag_calc),
mbuf_buf(mb), mbuf_get_left(mb));
if (err)
return err;
mb->pos = pld_start;
mb->end = tag_start;
if (0 != memcmp(tag_calc, tag_pkt, comp->tag_len))
return EAUTH;
/*
* 3.3.2. Replay Protection
*
* Secure replay protection is only possible when
* integrity protection is present.
*/
if (!srtp_replay_check(&strm->replay_rtp, ix))
return EALREADY;
}
if (comp->aes) {
union vect128 iv;
uint8_t *p = mbuf_buf(mb);
srtp_iv_calc(&iv, &comp->k_s, strm->ssrc, ix);
aes_set_iv(comp->aes, iv.u8);
err = aes_decr(comp->aes, p, p, mbuf_get_left(mb));
if (err)
return err;
}
if (hdr.seq > strm->s_l)
strm->s_l = hdr.seq;
mb->pos = start;
return 0;
}
s32 wad_install(FIL *fil)
{
u16 i;
u32 br;
struct wadheader hdr __attribute__((aligned(32)));
f_lseek(fil, 0);
ASSERT(!f_read(fil, &hdr, sizeof(hdr), &br));
ASSERT(br == sizeof(hdr));
u32 offset = 0;
static u8 key[16] __attribute__((aligned(64))) = {0,};
static u8 iv[16] __attribute__((aligned(64))) = {0,};
ASSERT(hdr.hdr_size == 0x20);
offset += ALIGN(hdr.hdr_size, 0x40);
offset += ALIGN(hdr.certs_size, 0x40);
struct tik *tik = memalign(32, hdr.tik_size);
ASSERT(tik);
f_lseek(fil, offset);
ASSERT(!f_read(fil, tik, hdr.tik_size, &br));
ASSERT(br == hdr.tik_size);
offset += ALIGN(hdr.tik_size, 0x40);
struct tmd *tmd = memalign(32, hdr.tmd_size);
ASSERT(tmd);
f_lseek(fil, offset);
ASSERT(!f_read(fil, tmd, hdr.tmd_size, &br));
ASSERT(br == hdr.tmd_size);
offset += ALIGN(hdr.tmd_size, 0x40);
hexdump(tik, hdr.tik_size);
hexdump(tmd, hdr.tmd_size);
otp_init();
// Get the title key
aes_reset();
aes_set_key(otp.common_key);
memcpy(iv, &tik->title_id, 8);
aes_set_iv(iv);
printf("common:\n");
hexdump(otp.common_key, 16);
printf("iv:\n");
hexdump(iv, 16);
printf("ctk:\n");
hexdump(tik->cipher_title_key, 16);
memcpy(iv, tik->cipher_title_key, 16);
aes_decrypt(iv, key, 1, 0);
memset(iv, 0, 16);
printf("title key:\n");
hexdump(key, 16);
printf("es_addtitle: %d\n", es_addtitle(tmd, tik));
printf("num contents: %d\n", tmd->num_contents);
printf("%08x %08x\n", tmd, tik);
for(i = 0; i < tmd->num_contents; i++) {
#ifdef MSPACES
u8 *content = mspace_memalign(mem2space, 32, ALIGN(tmd->contents[i].size, 0x40));
#else
u8 *content = (void *)0x91000000;//memalign(32, ALIGN(tmd->contents[i].size, 0x40));
#endif
ASSERT(content);
f_lseek(fil, offset);
printf("read content --> %08x size %08x", content, (u32) tmd->contents[i].size);
ASSERT(!f_read(fil, content, ALIGN(tmd->contents[i].size, 0x40), &br));
printf("done\n");
ASSERT(br == ALIGN(tmd->contents[i].size, 0x40));
memcpy(iv, &tmd->contents[i].index, 2);
aes_reset();
aes_set_key(key);
aes_set_iv(iv);
printf("an IV:\n");
hexdump(iv, 16);
aes_decrypt(content, content, ALIGN(tmd->contents[i].size, 0x40) / 16, 0);
printf("decrypted ");
ASSERT(!es_addtitlecontent(tmd, tmd->contents[i].index, content, tmd->contents[i].size));
offset += ALIGN(tmd->contents[i].size, 0x40);
#ifdef MSPACES
mspace_free(mem2space, content);
#else
//free(content);
#endif
}
free(tmd);
free(tik);
return 0;
}
