Result_t
ASDCP::DecryptFrameBuffer(const ASDCP::FrameBuffer& FBin, ASDCP::FrameBuffer& FBout, AESDecContext* Ctx)
{
ASDCP_TEST_NULL(Ctx);
assert(FBout.Capacity() >= FBin.SourceLength());
ui32_t ct_size = FBin.SourceLength() - FBin.PlaintextOffset();
ui32_t diff = ct_size % CBC_BLOCK_SIZE;
ui32_t block_size = ct_size - diff;
assert(block_size);
assert((block_size % CBC_BLOCK_SIZE) == 0);
const byte_t* buf = FBin.RoData();
// get ivec
Ctx->SetIVec(buf);
buf += CBC_BLOCK_SIZE;
// decrypt and test check value
byte_t CheckValue[CBC_BLOCK_SIZE];
Result_t result = Ctx->DecryptBlock(buf, CheckValue, CBC_BLOCK_SIZE);
buf += CBC_BLOCK_SIZE;
if ( memcmp(CheckValue, ESV_CheckValue, CBC_BLOCK_SIZE) != 0 )
return RESULT_CHECKFAIL;
// copy plaintext region
if ( FBin.PlaintextOffset() > 0 )
{
memcpy(FBout.Data(), buf, FBin.PlaintextOffset());
buf += FBin.PlaintextOffset();
}
// decrypt all but last block
if ( ASDCP_SUCCESS(result) )
{
result = Ctx->DecryptBlock(buf, FBout.Data() + FBin.PlaintextOffset(), block_size);
buf += block_size;
}
// decrypt last block
if ( ASDCP_SUCCESS(result) )
{
byte_t the_last_block[CBC_BLOCK_SIZE];
result = Ctx->DecryptBlock(buf, the_last_block, CBC_BLOCK_SIZE);
if ( the_last_block[diff] != 0 )
{
DefaultLogSink().Error("Unexpected non-zero padding value.\n");
return RESULT_FORMAT;
}
if ( diff > 0 )
memcpy(FBout.Data() + FBin.PlaintextOffset() + block_size, the_last_block, diff);
}
if ( ASDCP_SUCCESS(result) )
FBout.Size(FBin.SourceLength());
return result;
}
// base subroutine for reading a KLV packet, assumes file position is at the first byte of the packet
Result_t
ASDCP::Read_EKLV_Packet(Kumu::FileReader& File, const ASDCP::Dictionary& Dict,
const ASDCP::WriterInfo& Info, Kumu::fpos_t& LastPosition, ASDCP::FrameBuffer& CtFrameBuf,
ui32_t FrameNum, ui32_t SequenceNum, ASDCP::FrameBuffer& FrameBuf,
const byte_t* EssenceUL, AESDecContext* Ctx, HMACContext* HMAC)
{
KLReader Reader;
Result_t result = Reader.ReadKLFromFile(File);
if ( KM_FAILURE(result) )
return result;
UL Key(Reader.Key());
ui64_t PacketLength = Reader.Length();
LastPosition = LastPosition + Reader.KLLength() + PacketLength;
if ( Key.MatchIgnoreStream(Dict.ul(MDD_CryptEssence)) ) // ignore the stream numbers
{
if ( ! Info.EncryptedEssence )
{
DefaultLogSink().Error("EKLV packet found, no Cryptographic Context in header.\n");
return RESULT_FORMAT;
}
// read encrypted triplet value into internal buffer
assert(PacketLength <= 0xFFFFFFFFL);
CtFrameBuf.Capacity((ui32_t) PacketLength);
ui32_t read_count;
result = File.Read(CtFrameBuf.Data(), (ui32_t) PacketLength, &read_count);
if ( ASDCP_FAILURE(result) )
return result;
if ( read_count != PacketLength )
{
DefaultLogSink().Error("read length is smaller than EKLV packet length.\n");
return RESULT_FORMAT;
}
CtFrameBuf.Size((ui32_t) PacketLength);
// should be const but mxflib::ReadBER is not
byte_t* ess_p = CtFrameBuf.Data();
// read context ID length
if ( ! Kumu::read_test_BER(&ess_p, UUIDlen) )
return RESULT_FORMAT;
// test the context ID
if ( memcmp(ess_p, Info.ContextID, UUIDlen) != 0 )
{
DefaultLogSink().Error("Packet's Cryptographic Context ID does not match the header.\n");
return RESULT_FORMAT;
}
ess_p += UUIDlen;
// read PlaintextOffset length
if ( ! Kumu::read_test_BER(&ess_p, sizeof(ui64_t)) )
return RESULT_FORMAT;
ui32_t PlaintextOffset = (ui32_t)KM_i64_BE(Kumu::cp2i<ui64_t>(ess_p));
ess_p += sizeof(ui64_t);
// read essence UL length
if ( ! Kumu::read_test_BER(&ess_p, SMPTE_UL_LENGTH) )
return RESULT_FORMAT;
// test essence UL
if ( ! UL(ess_p).MatchIgnoreStream(EssenceUL) ) // ignore the stream number
{
char strbuf[IntBufferLen];
const MDDEntry* Entry = Dict.FindUL(Key.Value());
if ( Entry == 0 )
{
DefaultLogSink().Warn("Unexpected Essence UL found: %s.\n", Key.EncodeString(strbuf, IntBufferLen));
}
else
{
DefaultLogSink().Warn("Unexpected Essence UL found: %s.\n", Entry->name);
}
return RESULT_FORMAT;
}
ess_p += SMPTE_UL_LENGTH;
// read SourceLength length
if ( ! Kumu::read_test_BER(&ess_p, sizeof(ui64_t)) )
return RESULT_FORMAT;
ui32_t SourceLength = (ui32_t)KM_i64_BE(Kumu::cp2i<ui64_t>(ess_p));
ess_p += sizeof(ui64_t);
assert(SourceLength);
if ( FrameBuf.Capacity() < SourceLength )
{
DefaultLogSink().Error("FrameBuf.Capacity: %u SourceLength: %u\n", FrameBuf.Capacity(), SourceLength);
return RESULT_SMALLBUF;
}
ui32_t esv_length = calc_esv_length(SourceLength, PlaintextOffset);
// read ESV length
if ( ! Kumu::read_test_BER(&ess_p, esv_length) )
{
DefaultLogSink().Error("read_test_BER did not return %u\n", esv_length);
return RESULT_FORMAT;
}
ui32_t tmp_len = esv_length + (Info.UsesHMAC ? klv_intpack_size : 0);
if ( PacketLength < tmp_len )
{
DefaultLogSink().Error("Frame length is larger than EKLV packet length.\n");
return RESULT_FORMAT;
}
if ( Ctx )
{
// wrap the pointer and length as a FrameBuffer for use by
// DecryptFrameBuffer() and TestValues()
FrameBuffer TmpWrapper;
TmpWrapper.SetData(ess_p, tmp_len);
TmpWrapper.Size(tmp_len);
TmpWrapper.SourceLength(SourceLength);
TmpWrapper.PlaintextOffset(PlaintextOffset);
result = DecryptFrameBuffer(TmpWrapper, FrameBuf, Ctx);
FrameBuf.FrameNumber(FrameNum);
// detect and test integrity pack
if ( ASDCP_SUCCESS(result) && Info.UsesHMAC && HMAC )
{
IntegrityPack IntPack;
result = IntPack.TestValues(TmpWrapper, Info.AssetUUID, SequenceNum, HMAC);
}
}
else // return ciphertext to caller
{
if ( FrameBuf.Capacity() < tmp_len )
{
char intbuf[IntBufferLen];
DefaultLogSink().Error("FrameBuf.Capacity: %u FrameLength: %s\n",
FrameBuf.Capacity(), ui64sz(PacketLength, intbuf));
return RESULT_SMALLBUF;
}
memcpy(FrameBuf.Data(), ess_p, tmp_len);
FrameBuf.Size(tmp_len);
FrameBuf.FrameNumber(FrameNum);
FrameBuf.SourceLength(SourceLength);
FrameBuf.PlaintextOffset(PlaintextOffset);
}
}
else if ( Key.MatchIgnoreStream(EssenceUL) ) // ignore the stream number
{ // read plaintext frame
if ( FrameBuf.Capacity() < PacketLength )
{
char intbuf[IntBufferLen];
DefaultLogSink().Error("FrameBuf.Capacity: %u FrameLength: %s\n",
FrameBuf.Capacity(), ui64sz(PacketLength, intbuf));
return RESULT_SMALLBUF;
}
// read the data into the supplied buffer
ui32_t read_count;
assert(PacketLength <= 0xFFFFFFFFL);
result = File.Read(FrameBuf.Data(), (ui32_t) PacketLength, &read_count);
if ( ASDCP_FAILURE(result) )
return result;
if ( read_count != PacketLength )
{
char intbuf1[IntBufferLen];
char intbuf2[IntBufferLen];
DefaultLogSink().Error("read_count: %s != FrameLength: %s\n",
ui64sz(read_count, intbuf1),
ui64sz(PacketLength, intbuf2) );
return RESULT_READFAIL;
}
FrameBuf.FrameNumber(FrameNum);
FrameBuf.Size(read_count);
}
else
{
char strbuf[IntBufferLen];
const MDDEntry* Entry = Dict.FindUL(Key.Value());
if ( Entry == 0 )
{
DefaultLogSink().Warn("Unexpected Essence UL found: %s.\n", Key.EncodeString(strbuf, IntBufferLen));
}
else
{
DefaultLogSink().Warn("Unexpected Essence UL found: %s.\n", Entry->name);
}
return RESULT_FORMAT;
}
return result;
}
Result_t
ASDCP::EncryptFrameBuffer(const ASDCP::FrameBuffer& FBin, ASDCP::FrameBuffer& FBout, AESEncContext* Ctx)
{
ASDCP_TEST_NULL(Ctx);
FBout.Size(0);
// size the buffer
Result_t result = FBout.Capacity(calc_esv_length(FBin.Size(), FBin.PlaintextOffset()));
// write the IV
byte_t* p = FBout.Data();
// write the IV to the frame buffer
Ctx->GetIVec(p);
p += CBC_BLOCK_SIZE;
// encrypt the check value to the frame buffer
if ( ASDCP_SUCCESS(result) )
{
result = Ctx->EncryptBlock(ESV_CheckValue, p, CBC_BLOCK_SIZE);
p += CBC_BLOCK_SIZE;
}
// write optional plaintext region
if ( FBin.PlaintextOffset() > 0 )
{
assert(FBin.PlaintextOffset() <= FBin.Size());
memcpy(p, FBin.RoData(), FBin.PlaintextOffset());
p += FBin.PlaintextOffset();
}
ui32_t ct_size = FBin.Size() - FBin.PlaintextOffset();
ui32_t diff = ct_size % CBC_BLOCK_SIZE;
ui32_t block_size = ct_size - diff;
assert((block_size % CBC_BLOCK_SIZE) == 0);
// encrypt the ciphertext region essence data
if ( ASDCP_SUCCESS(result) )
{
result = Ctx->EncryptBlock(FBin.RoData() + FBin.PlaintextOffset(), p, block_size);
p += block_size;
}
// construct and encrypt the padding
if ( ASDCP_SUCCESS(result) )
{
byte_t the_last_block[CBC_BLOCK_SIZE];
if ( diff > 0 )
memcpy(the_last_block, FBin.RoData() + FBin.PlaintextOffset() + block_size, diff);
for (ui32_t i = 0; diff < CBC_BLOCK_SIZE; diff++, i++ )
the_last_block[diff] = i;
result = Ctx->EncryptBlock(the_last_block, p, CBC_BLOCK_SIZE);
}
if ( ASDCP_SUCCESS(result) )
FBout.Size(calc_esv_length(FBin.Size(), FBin.PlaintextOffset()));
return result;
}
