aacs.c 18.8 KB
Newer Older
1 2
/*
 * This file is part of libaacs
3
 * Copyright (C) 2009-2010  Obliter0n
npzacs's avatar
npzacs committed
4
 * Copyright (C) 2009-2010  npzacs
5
 *
gates's avatar
gates committed
6 7 8 9
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
10
 *
gates's avatar
gates committed
11
 * This library is distributed in the hope that it will be useful,
12
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
gates's avatar
gates committed
13 14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
15
 *
gates's avatar
gates committed
16 17 18
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library. If not, see
 * <http://www.gnu.org/licenses/>.
19 20
 */

npzacs's avatar
npzacs committed
21 22 23 24
#if HAVE_CONFIG_H
#include "config.h"
#endif

npzacs's avatar
npzacs committed
25 26
#include <util/attributes.h>

cRTrn13's avatar
cRTrn13 committed
27
#include "aacs.h"
28
#include "crypto.h"
cRTrn13's avatar
cRTrn13 committed
29
#include "mmc.h"
30
#include "mkb.h"
gates's avatar
gates committed
31
#include "file/file.h"
gates's avatar
gates committed
32
#include "file/keydbcfg.h"
33 34
#include "util/macro.h"
#include "util/logging.h"
35
#include "util/strutl.h"
cRTrn13's avatar
cRTrn13 committed
36

37
#include <inttypes.h>
38
#include <string.h>
39
#include <stdio.h>
npzacs's avatar
npzacs committed
40 41 42
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
43
#include <gcrypt.h>
44

npzacs's avatar
npzacs committed
45

npzacs's avatar
npzacs committed
46
struct aacs {
npzacs's avatar
npzacs committed
47
    uint8_t pk[16], mk[16], vuk[16], vid[16], disc_id[20], *uks;
npzacs's avatar
npzacs committed
48 49
    uint32_t num_uks;
    struct config_file_t *cf;
50
    struct title_entry_list_t *ce;
51 52 53 54

    uint32_t num_titles;
    uint16_t current_cps_unit;
    uint16_t *cps_units;  /* [0] = first play ; [1] = top menu ; [2] = title 1 ... */
npzacs's avatar
npzacs committed
55 56
};

57 58 59
static const uint8_t empty_key[] = "\x00\x00\x00\x00\x00\x00\x00\x00"
                                   "\x00\x00\x00\x00\x00\x00\x00\x00";

60 61
static int _validate_pk(const uint8_t *pk,
                        const uint8_t *cvalue, const uint8_t *uv, const uint8_t *vd,
npzacs's avatar
npzacs committed
62
                        uint8_t *mk)
cRTrn13's avatar
cRTrn13 committed
63
{
64 65
    gcry_cipher_hd_t gcry_h;
    int a, ret = 0;
cRTrn13's avatar
cRTrn13 committed
66
    uint8_t dec_vd[16];
67
    char str[40];
cRTrn13's avatar
cRTrn13 committed
68

69
    DEBUG(DBG_AACS, "Validate processing key %s...\n", print_hex(str, pk, 16));
cRTrn13's avatar
cRTrn13 committed
70
    DEBUG(DBG_AACS, " Using:\n");
71 72 73
    DEBUG(DBG_AACS, "   UV: %s\n", print_hex(str, uv, 4));
    DEBUG(DBG_AACS, "   cvalue: %s\n", print_hex(str, cvalue, 16));
    DEBUG(DBG_AACS, "   Verification data: %s\n", print_hex(str, vd, 16));
74

75 76 77
    gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0);
    gcry_cipher_setkey(gcry_h, pk, 16);
    gcry_cipher_decrypt(gcry_h, mk, 16, cvalue, 16);
78

cRTrn13's avatar
cRTrn13 committed
79 80 81 82
    for (a = 0; a < 4; a++) {
        mk[a + 12] ^= uv[a];
    }

83 84 85
    gcry_cipher_setkey(gcry_h, mk, 16);
    gcry_cipher_decrypt (gcry_h, dec_vd, 16, vd, 16);
    gcry_cipher_close(gcry_h);
86

cRTrn13's avatar
cRTrn13 committed
87
    if (!memcmp(dec_vd, "\x01\x23\x45\x67\x89\xAB\xCD\xEF", 8)) {
npzacs's avatar
npzacs committed
88
        DEBUG(DBG_AACS, "Processing key %s is valid!\n", print_hex(str, pk, 16));
89
        ret = 1;
cRTrn13's avatar
cRTrn13 committed
90 91
    }

92
    return ret;
cRTrn13's avatar
cRTrn13 committed
93
}
94

npzacs's avatar
npzacs committed
95
static int _calc_mk(AACS *aacs, const char *path)
cRTrn13's avatar
keyfile  
cRTrn13 committed
96 97 98
{
    int a, num_uvs = 0;
    size_t len;
99
    uint8_t *buf = NULL;
cRTrn13's avatar
keyfile  
cRTrn13 committed
100
    MKB *mkb = NULL;
101
    const uint8_t *rec, *uvs;
cRTrn13's avatar
keyfile  
cRTrn13 committed
102

103 104 105 106
    /* Skip if retrieved from config file */
    if (memcmp(aacs->mk, empty_key, 16))
      return 1;

cRTrn13's avatar
cRTrn13 committed
107 108
    DEBUG(DBG_AACS, "Calculate media key...\n");

109 110 111 112 113 114 115 116 117 118
    if ((mkb = mkb_open(path))) {
        DEBUG(DBG_AACS, "Get UVS...\n");
        uvs = mkb_subdiff_records(mkb, &len);
        rec = uvs;
        while (rec < uvs + len) {
            if (rec[0] & 0xc0)
                break;
            rec += 5;
            num_uvs++;
        }
cRTrn13's avatar
keyfile  
cRTrn13 committed
119

120 121
        DEBUG(DBG_AACS, "Get cvalues...\n");
        rec = mkb_cvalues(mkb, &len);
122 123 124 125 126
        if (aacs->cf->pkl) {
            pk_list *pkcursor = aacs->cf->pkl;
            while (pkcursor && pkcursor->key) {
                hexstring_to_hex_array(aacs->pk, sizeof(aacs->pk),
                                       pkcursor->key);
127 128 129
                DEBUG(DBG_AACS, "Trying processing key...\n");

                for (a = 0; a < num_uvs; a++) {
gates's avatar
gates committed
130 131
                    if (_validate_pk(aacs->pk, rec + a * 16, uvs + 1 + a * 5,
                      mkb_mk_dv(mkb), aacs->mk)) {
132 133
                        mkb_close(mkb);
                        X_FREE(buf);
134

135 136
                        char str[40];
                        DEBUG(DBG_AACS, "Media key: %s\n", print_hex(str, aacs->mk,
gates's avatar
gates committed
137
                                                                     16));
138 139 140 141
                        return 1;
                    }
                }

142
                pkcursor = pkcursor->next;
cRTrn13's avatar
keyfile  
cRTrn13 committed
143
            }
144
        }
cRTrn13's avatar
keyfile  
cRTrn13 committed
145

146 147
        mkb_close(mkb);
        X_FREE(buf);
cRTrn13's avatar
keyfile  
cRTrn13 committed
148 149
    }

npzacs's avatar
npzacs committed
150 151
    DEBUG(DBG_AACS, "Error calculating media key!\n");

cRTrn13's avatar
keyfile  
cRTrn13 committed
152 153
    return 0;
}
154

155
static int _read_vid(AACS *aacs, const char *path)
cRTrn13's avatar
openssl  
cRTrn13 committed
156
{
157 158 159 160 161
    /* Use VID given in config file if available */
    if (memcmp(aacs->vid, empty_key, 16)) {
        return 1;
    }

cRTrn13's avatar
cRTrn13 committed
162
    MMC* mmc = NULL;
163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198
    if (!(mmc = mmc_open(path))) {
        return 0;
    }

    cert_list *hccursor = aacs->cf->host_cert_list;
    while (hccursor && hccursor->host_priv_key && hccursor->host_cert) {

        char tmp_str[2*92+1];
        uint8_t priv_key[20], cert[92];
        hexstring_to_hex_array(priv_key, sizeof(priv_key), hccursor->host_priv_key);
        hexstring_to_hex_array(cert,     sizeof(cert),     hccursor->host_cert);

        if (!crypto_aacs_verify_host_cert(cert)) {
	    DEBUG(DBG_AACS, "Not using invalid host certificate %s.\n",
		  print_hex(tmp_str, cert, 92));

	    hccursor = hccursor->next;
	    continue;
	}

        DEBUG(DBG_AACS, "Trying host certificate (id 0x%s)...\n",
              print_hex(tmp_str, cert + 4, 6));

        if (mmc_read_vid(mmc, priv_key, cert, aacs->vid)) {
            mmc_close(mmc);
            return 1;
        }

        hccursor = hccursor->next;
    }

    mmc_close(mmc);

    DEBUG(DBG_AACS, "Error reading VID!\n");
    return 0;
}
cRTrn13's avatar
openssl  
cRTrn13 committed
199

200 201
static int _calc_vuk(AACS *aacs, const char *path)
{
202 203 204 205
    /* Skip if retrieved from config file */
    if (memcmp(aacs->vuk, empty_key, 16))
      return 1;

npzacs's avatar
npzacs committed
206 207 208 209 210 211
    /* get cached vuk */
    if (keycache_find("vuk", aacs->disc_id, aacs->vuk, 16)) {
        DEBUG(DBG_AACS, "Using cached VUK\n");
        return 1;
    }

212 213 214 215 216
    /* make sure we have media key */
    if (!_calc_mk(aacs, path)) {
        return 0;
    }

217 218
    DEBUG(DBG_AACS, "Calculate volume unique key...\n");

219 220 221
    if (_read_vid(aacs, path)) {

        int a;
222
        gcry_cipher_hd_t gcry_h;
223

224 225 226 227 228 229 230 231 232 233
        gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0);
        gcry_cipher_setkey(gcry_h, aacs->mk, 16);
        gcry_cipher_decrypt(gcry_h, aacs->vuk, 16, aacs->vid, 16);
        gcry_cipher_close(gcry_h);

        for (a = 0; a < 16; a++) {
            aacs->vuk[a] ^= aacs->vid[a];
        }

        char str[40];
234
        DEBUG(DBG_AACS, "Volume unique key: %s\n", print_hex(str, aacs->vuk, 16));
235

npzacs's avatar
npzacs committed
236 237 238
        /* cache vuk */
        keycache_save("vuk", aacs->disc_id, aacs->vuk, 16);

239 240 241
        return 1;
    }

242 243
    DEBUG(DBG_AACS, "Error calculating VUK!\n");

cRTrn13's avatar
openssl  
cRTrn13 committed
244 245 246
    return 0;
}

247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295
static uint16_t _read_u16(AACS_FILE_H *fp)
{
  uint8_t data[2];

  file_read(fp, data, sizeof(uint16_t));

  return MKINT_BE16(data);
}

static void _read_uks_map(AACS *aacs, AACS_FILE_H *fp)
{
    uint16_t first_play, top_menu;
    unsigned i;

    DEBUG(DBG_AACS, "Assigning CPS units to titles ...\n");

    X_FREE(aacs->cps_units);
    aacs->current_cps_unit = 0;

    file_seek(fp, 16 + 4, SEEK_SET);

    first_play = _read_u16(fp);
    top_menu   = _read_u16(fp);

    DEBUG(DBG_AACS, "Title FP : CPS unit %d\n", first_play);
    DEBUG(DBG_AACS, "Title TM : CPS unit %d\n", top_menu);

    aacs->num_titles   = _read_u16(fp);
    aacs->cps_units    = calloc(sizeof(uint16_t), aacs->num_titles + 2);
    aacs->cps_units[0] = first_play;
    aacs->cps_units[1] = top_menu;

    for (i = 2; i < aacs->num_titles + 2; i++) {
        _read_u16(fp); /* reserved */
        aacs->cps_units[i] = _read_u16(fp);
        DEBUG(DBG_AACS, "Title %02d : CPS unit %d\n", i - 1, aacs->cps_units[i]);
    }

    /* validate */
    for (i = 0; i < aacs->num_titles + 2; i++) {
        if (aacs->cps_units[i])
            aacs->cps_units[i]--; /* number [1...N] --> index [0...N-1] */
        if (aacs->cps_units[i] >= aacs->num_uks) {
            DEBUG(DBG_AACS, " *** Invalid CPS unit for title %d: %d !\n", (int) i - 1, aacs->cps_units[i]);
            aacs->cps_units[i] = 0;
        }
    }
}

npzacs's avatar
npzacs committed
296
static int _calc_uks(AACS *aacs, const char *path)
cRTrn13's avatar
openssl  
cRTrn13 committed
297
{
298
    AACS_FILE_H *fp = NULL;
299 300
    char    *f_name;
    uint8_t  buf[16];
301
    uint64_t f_pos;
302
    unsigned int i;
cRTrn13's avatar
openssl  
cRTrn13 committed
303

304 305
    /* Skip if retrieved from config file */
    if (aacs->uks)
306
        return 1;
307

308 309
    /* Make sure we have VUK */
    if (!_calc_vuk(aacs, path)) {
310
        return 0;
311
    }
312

313 314
    DEBUG(DBG_AACS, "Calculate CPS unit keys...\n");

npzacs's avatar
npzacs committed
315
    f_name = str_printf("%s/AACS/Unit_Key_RO.inf", path);
316 317
    fp = file_open(f_name, "rb");
    X_FREE(f_name);
cRTrn13's avatar
openssl  
cRTrn13 committed
318

319
    if (fp) {
320
        if ((file_read(fp, buf, 4)) == 4) {
npzacs's avatar
npzacs committed
321
            f_pos = MKINT_BE32(buf);
cRTrn13's avatar
openssl  
cRTrn13 committed
322

npzacs's avatar
npzacs committed
323
            // Read number of keys
cRTrn13's avatar
cRTrn13 committed
324
            file_seek(fp, f_pos, SEEK_SET);
npzacs's avatar
npzacs committed
325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347
            if ((file_read(fp, buf, 2)) == 2) {
                aacs->num_uks = MKINT_BE16(buf);

                X_FREE(aacs->uks);
                aacs->uks = calloc(aacs->num_uks, 16);

                DEBUG(DBG_AACS, "%d CPS unit keys\n", aacs->num_uks);

            } else {
                aacs->num_uks = 0;
                DEBUG(DBG_AACS, "Error reading number of unit keys!\n");
            }

            // Read keys
            for (i = 0; i < aacs->num_uks; i++) {
                f_pos += 48;

                file_seek(fp, f_pos, SEEK_SET);
                if ((file_read(fp, buf, 16)) != 16) {
                    DEBUG(DBG_AACS, "Unit key %d: read error\n", i);
                    aacs->num_uks = i;
                    break;
                }
cRTrn13's avatar
openssl  
cRTrn13 committed
348

349 350 351 352 353 354
                gcry_cipher_hd_t gcry_h;
                gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES,
                                 GCRY_CIPHER_MODE_ECB, 0);
                gcry_cipher_setkey(gcry_h, aacs->vuk, 16);
                gcry_cipher_decrypt(gcry_h, aacs->uks + 16*i, 16, buf, 16);
                gcry_cipher_close(gcry_h);
cRTrn13's avatar
openssl  
cRTrn13 committed
355

356
                char str[40];
gates's avatar
gates committed
357
                DEBUG(DBG_AACS, "Unit key %d: %s\n", i,
358
                      print_hex(str, aacs->uks + 16*i, 16));
npzacs's avatar
npzacs committed
359
            }
cRTrn13's avatar
openssl  
cRTrn13 committed
360

361 362
            _read_uks_map(aacs, fp);

npzacs's avatar
npzacs committed
363
            file_close(fp);
cRTrn13's avatar
openssl  
cRTrn13 committed
364

npzacs's avatar
npzacs committed
365
            return aacs->num_uks;
366 367 368
        }

        file_close(fp);
cRTrn13's avatar
openssl  
cRTrn13 committed
369 370
    }

371 372
    DEBUG(DBG_AACS, "Could not calculate unit keys!\n");

cRTrn13's avatar
openssl  
cRTrn13 committed
373 374 375
    return 0;
}

376 377
static int _calc_title_hash(const char *path, uint8_t *title_hash)
{
378
    AACS_FILE_H *fp = NULL;
379 380 381 382 383
    uint8_t *ukf_buf;
    char     str[48];
    int64_t  f_size;
    char    *f_name;

npzacs's avatar
npzacs committed
384
    f_name = str_printf("%s/AACS/Unit_Key_RO.inf", path);
385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400

    if (!(fp = file_open(f_name, "rb"))) {
        DEBUG(DBG_AACS, "Failed to open unit key file: %s!\n", f_name);
        X_FREE(f_name);
        return 0;
    }

    X_FREE(f_name);

    file_seek(fp, 0, SEEK_END);
    f_size = file_tell(fp);
    file_seek(fp, 0, SEEK_SET);

    ukf_buf = malloc(f_size);

    if ((file_read(fp, ukf_buf, f_size)) != f_size) {
cRTrn13's avatar
cRTrn13 committed
401

402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417
        DEBUG(DBG_AACS, "Failed to read %"PRIu64" bytes from unit key file!\n", f_size);

        file_close(fp);
        X_FREE(ukf_buf);

        return 0;
    }

    crypto_aacs_title_hash(ukf_buf, f_size, title_hash);
    DEBUG(DBG_AACS, "Disc ID: %s\n", print_hex(str, title_hash, 20));

    file_close(fp);
    X_FREE(ukf_buf);

    return 1;
}
cRTrn13's avatar
cRTrn13 committed
418

npzacs's avatar
npzacs committed
419
static int _verify_ts(uint8_t *buf, size_t size)
420
{
421 422
    uint8_t *ptr;

cRTrn13's avatar
cRTrn13 committed
423 424 425 426 427 428 429
    if (size < 192) {
        return 1;
    }

    for (ptr=buf; ptr < buf+192; ptr++) {
        int failed = 0;
        if (*ptr == 0x47) {
430 431 432 433
            uint8_t *ptr2;

            for (ptr2=ptr; ptr2 < buf + size; ptr2 += 192) {
                if (*ptr2 != 0x47) {
cRTrn13's avatar
cRTrn13 committed
434 435
                    failed = 1;
                    break;
436 437
                }
            }
cRTrn13's avatar
cRTrn13 committed
438 439 440
            if (!failed) {
                return 1;
            }
441 442 443 444
        }
        ptr++;
    }

cRTrn13's avatar
cRTrn13 committed
445
    DEBUG(DBG_AACS, "Failed to verify TS!\n");
446

cRTrn13's avatar
cRTrn13 committed
447
    return 0;
448 449
}

450
/* Function that collects keys from keydb config entry */
npzacs's avatar
npzacs committed
451
static uint32_t _find_config_entry(AACS *aacs, const char *path)
452
{
npzacs's avatar
npzacs committed
453
    uint8_t discid[20];
454
    char str[48];
455 456 457
    uint32_t retval = 0;
    aacs->uks = NULL;
    aacs->num_uks = 0;
cRTrn13's avatar
cRTrn13 committed
458

npzacs's avatar
npzacs committed
459
    if (!_calc_title_hash(path, aacs->disc_id)) {
cRTrn13's avatar
cRTrn13 committed
460 461 462
        return 0;
    }

npzacs's avatar
npzacs committed
463
    if (aacs->cf && aacs->cf->list) {
464 465 466 467 468
        aacs->ce = aacs->cf->list;
        while (aacs->ce && aacs->ce->entry.discid) {
            memset(discid, 0, sizeof(discid));
            hexstring_to_hex_array(discid, sizeof(discid),
                                   aacs->ce->entry.discid);
npzacs's avatar
npzacs committed
469
            if (!memcmp(aacs->disc_id, discid, 20)) {
470 471 472
                DEBUG(DBG_AACS, "Found config entry for discid %s\n",
                      aacs->ce->entry.discid);
                break;
473 474
            }

475
            aacs->ce = aacs->ce->next;
476
        }
477

478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497
        if (aacs->ce->entry.mek) {
            hexstring_to_hex_array(aacs->mk, sizeof(aacs->mk),
                                    aacs->ce->entry.mek);

            DEBUG(DBG_AACS, "Found media key for %s: %s\n",
                  aacs->ce->entry.discid, print_hex(str, aacs->mk, 16));

            retval = 1;
        }

        if (aacs->ce->entry.vid) {
            hexstring_to_hex_array(aacs->vid, sizeof(aacs->vid),
                                    aacs->ce->entry.vid);

            DEBUG(DBG_AACS, "Found volume id for %s: %s\n",
                  aacs->ce->entry.discid, print_hex(str, aacs->vid, 16));

            retval = 1;
        }

498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526
        if (aacs->ce->entry.vuk) {
            hexstring_to_hex_array(aacs->vuk, sizeof(aacs->vuk),
                                    aacs->ce->entry.vuk);

            DEBUG(DBG_AACS, "Found volume unique key for %s: %s\n",
                  aacs->ce->entry.discid, print_hex(str, aacs->vuk, 16));

            retval = 1;
        }

        if (aacs->ce && aacs->ce->entry.uk) {
            DEBUG(DBG_AACS, "Acquire CPS unit keys from keydb config file...\n");

            digit_key_pair_list *ukcursor = aacs->ce->entry.uk;
            while (ukcursor && ukcursor->key_pair.key) {
                aacs->num_uks++;

                aacs->uks = (uint8_t*)realloc(aacs->uks, 16 * aacs->num_uks);
                hexstring_to_hex_array(aacs->uks + (16 * (aacs->num_uks - 1)), 16,
                                      ukcursor->key_pair.key);

                char str[40];
                DEBUG(DBG_AACS, "Unit key %d from keydb entry: %s\n",
                      aacs->num_uks,
                      print_hex(str, aacs->uks + (16 * (aacs->num_uks - 1)), 16));

                ukcursor = ukcursor->next;
            }
        }
527 528
    }

529
    if (aacs->num_uks)
530
        retval = aacs->num_uks;
531 532

    return retval;
533 534
}

535
#define ALIGNED_UNIT_LEN 6144
536
static int _decrypt_unit(AACS *aacs, uint8_t *out_buf, const uint8_t *in_buf, uint32_t curr_uk)
cRTrn13's avatar
cRTrn13 committed
537
{
538 539 540 541 542 543 544
    gcry_cipher_hd_t gcry_h;
    int a;
    uint8_t key[16], iv[] = "\x0b\xa0\xf8\xdd\xfe\xa6\x1f\xb3"
                            "\xd8\xdf\x9f\x56\x6a\x05\x0f\x78";

    gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0);
    gcry_cipher_setkey(gcry_h, aacs->uks + curr_uk * 16, 16);
545
    gcry_cipher_encrypt(gcry_h, key, 16, in_buf, 16);
546
    gcry_cipher_close(gcry_h);
cRTrn13's avatar
cRTrn13 committed
547

cRTrn13's avatar
cRTrn13 committed
548
    for (a = 0; a < 16; a++) {
549
        key[a] ^= in_buf[a];
cRTrn13's avatar
cRTrn13 committed
550 551
    }

552 553
    memcpy(out_buf, in_buf, 16); /* first 16 bytes are plain */

554 555 556
    gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
    gcry_cipher_setkey(gcry_h, key, 16);
    gcry_cipher_setiv(gcry_h, iv, 16);
557
    gcry_cipher_decrypt(gcry_h, out_buf + 16, ALIGNED_UNIT_LEN - 16, in_buf + 16, ALIGNED_UNIT_LEN - 16);
558
    gcry_cipher_close(gcry_h);
cRTrn13's avatar
cRTrn13 committed
559

560
    if (_verify_ts(out_buf, ALIGNED_UNIT_LEN)) {
cRTrn13's avatar
cRTrn13 committed
561 562 563
        return 1;
    }

564
    if (curr_uk < aacs->num_uks - 1) {
565
        return _decrypt_unit(aacs, out_buf, in_buf, curr_uk++);
npzacs's avatar
npzacs committed
566 567
    }

cRTrn13's avatar
cRTrn13 committed
568 569 570
    return 0;
}

npzacs's avatar
npzacs committed
571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602
static int _load_config(AACS *aacs, const char *configfile_path)
{
    int config_ok = 0;

    aacs->cf = keydbcfg_new_config_file();

    /* try to load KEYDB.cfg */

    if (configfile_path) {
        config_ok = keydbcfg_parse_config(aacs->cf, configfile_path);

    } else {
        /* If no configfile path given, check for config files in user's home or
         * under /etc.
         */
        char *cfgfile = keydbcfg_find_config_file();
        config_ok = keydbcfg_parse_config(aacs->cf, cfgfile);
        X_FREE(cfgfile);
    }

    /* Try to load simple (aacskeys) config files */

    config_ok = keydbcfg_load_pk_file(aacs->cf)   || config_ok;
    config_ok = keydbcfg_load_cert_file(aacs->cf) || config_ok;

    if (!config_ok) {
        DEBUG(DBG_AACS, "No valid configuration files found!\n");
    }

    return config_ok;
}

cRTrn13's avatar
cRTrn13 committed
603
AACS *aacs_open(const char *path, const char *configfile_path)
cRTrn13's avatar
cRTrn13 committed
604
{
npzacs's avatar
npzacs committed
605
    DEBUG(DBG_AACS, "libaacs [%zd]\n", sizeof(AACS));
cRTrn13's avatar
cRTrn13 committed
606

607 608 609 610 611 612
    DEBUG(DBG_AACS, "Initializing libgcrypt...\n");
    if (!crypto_init())
    {
        DEBUG(DBG_AACS, "Failed to initialize libgcrypt\n");
        return NULL;
    }
613

cRTrn13's avatar
cRTrn13 committed
614
    AACS *aacs = calloc(1, sizeof(AACS));
615

npzacs's avatar
npzacs committed
616
    if (_load_config(aacs, configfile_path)) {
617
        DEBUG(DBG_AACS, "Searching for keydb config entry...\n");
npzacs's avatar
npzacs committed
618
        _find_config_entry(aacs, path);
619

620
        DEBUG(DBG_AACS, "Starting AACS waterfall...\n");
621
        if (_calc_uks(aacs, path)) {
npzacs's avatar
npzacs committed
622 623 624
            keydbcfg_config_file_close(aacs->cf);
            aacs->cf = NULL;

625 626
            DEBUG(DBG_AACS, "AACS initialized! (%p)\n", aacs);
            return aacs;
627
        }
628 629 630

        keydbcfg_config_file_close(aacs->cf);
        aacs->cf = NULL;
cRTrn13's avatar
cRTrn13 committed
631
    }
cRTrn13's avatar
cRTrn13 committed
632

npzacs's avatar
npzacs committed
633
    DEBUG(DBG_AACS, "Failed to initialize AACS! (%p)\n", aacs);
cRTrn13's avatar
cRTrn13 committed
634

635 636
    aacs_close(aacs);

cRTrn13's avatar
cRTrn13 committed
637
    return NULL;
cRTrn13's avatar
cRTrn13 committed
638 639
}

cRTrn13's avatar
cRTrn13 committed
640
void aacs_close(AACS *aacs)
cRTrn13's avatar
cRTrn13 committed
641
{
642
    X_FREE(aacs->uks);
643
    X_FREE(aacs->cps_units);
644

npzacs's avatar
npzacs committed
645
    DEBUG(DBG_AACS, "AACS destroyed! (%p)\n", aacs);
cRTrn13's avatar
cRTrn13 committed
646

cRTrn13's avatar
cRTrn13 committed
647 648 649
    X_FREE(aacs);
}

650
int aacs_decrypt_unit(AACS *aacs, uint8_t *buf)
651
{
652 653
    uint8_t out_buf[ALIGNED_UNIT_LEN];

654 655 656 657 658
    if (!(buf[0] & 0xc0)) {
        // TP_extra_header Copy_permission_indicator == 0, unit is not encrypted
        return 1;
    }

659
    if (_decrypt_unit(aacs, out_buf, buf, aacs->current_cps_unit)) {
660
        memcpy(buf, out_buf, ALIGNED_UNIT_LEN);
661 662 663 664 665 666 667

        // Clear copy_permission_indicator bits
        int i;
        for (i = 0; i < 6144; i += 192) {
            buf[i] &= ~0xc0;
        }

668 669 670
        return 1;
    }

671
    DEBUG(DBG_AACS, "Failed decrypting unit [6144 bytes] (%p)\n", aacs);
672

673
    return 0;
674
}
cRTrn13's avatar
cRTrn13 committed
675

npzacs's avatar
npzacs committed
676 677 678 679 680
const uint8_t *aacs_get_disc_id(AACS *aacs)
{
    return aacs->disc_id;
}

681
const uint8_t *aacs_get_vid(AACS *aacs)
cRTrn13's avatar
cRTrn13 committed
682 683 684
{
    return aacs->vid;
}
685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711

void aacs_select_title(AACS *aacs, uint32_t title)
{
    if (!aacs) {
        return;
    }

    if (!aacs->cps_units) {
        DEBUG(DBG_AACS|DBG_CRIT, "aacs_select_title(): CPS units not read ! (%p)\n", aacs);
        return;
    }

    if (title == 0xffff) {
        /* first play */
        aacs->current_cps_unit = aacs->cps_units[0];
        DEBUG(DBG_AACS, "aacs_set_title(first_play): CPS unit %d (%p)\n", aacs->current_cps_unit, aacs);
        return;
    }

    if (title <= aacs->num_titles) {
        aacs->current_cps_unit = aacs->cps_units[title + 1];
        DEBUG(DBG_AACS, "aacs_set_title(%d): CPS unit %d (%p)\n", title, aacs->current_cps_unit, aacs);
        return;
    }

    DEBUG(DBG_AACS|DBG_CRIT, "aacs_set_title(%d): invalid title ! (%p)\n", title, aacs);
}