2 Copyright (C) 2013 Carl Hetherington <cth@carlh.net>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 #include <boost/algorithm/string.hpp>
22 #include <openssl/rsa.h>
23 #include <openssl/pem.h>
24 #include <openssl/err.h>
25 #include <libcxml/cxml.h>
28 #include "compose.hpp"
29 #include "exceptions.h"
33 using std::stringstream;
38 using boost::shared_ptr;
39 using namespace libdcp;
41 KDM::KDM (boost::filesystem::path kdm, boost::filesystem::path private_key)
43 /* Read the private key */
45 FILE* private_key_file = fopen (private_key.string().c_str(), "r");
46 if (!private_key_file) {
47 throw FileError ("could not find RSA private key file", private_key.string ());
50 RSA* rsa = PEM_read_RSAPrivateKey (private_key_file, 0, 0, 0);
51 fclose (private_key_file);
53 throw FileError ("could not read RSA private key file", private_key.string ());
57 /* Read the KDM, decrypting it */
59 cxml::Document f ("DCinemaSecurityMessage");
60 f.read_file (kdm.string ());
62 shared_ptr<cxml::Node> authenticated_private = f.node_child ("AuthenticatedPrivate");
63 list<shared_ptr<cxml::Node> > encrypted_keys = authenticated_private->node_children ("EncryptedKey");
65 for (list<shared_ptr<cxml::Node> >::iterator i = encrypted_keys.begin(); i != encrypted_keys.end(); ++i) {
67 /* Get the base-64-encoded cipher value from the KDM */
68 shared_ptr<cxml::Node> cipher_data = (*i)->node_child ("CipherData");
69 shared_ptr<cxml::Node> cipher_value_base64 = cipher_data->node_child ("CipherValue");
71 /* Decode it from base-64 */
72 unsigned char cipher_value[256];
73 int const cipher_value_len = base64_decode (cipher_value_base64->content(), cipher_value, sizeof (cipher_value));
76 unsigned char* decrypted = new unsigned char[RSA_size(rsa)];
77 int const decrypted_len = RSA_private_decrypt (cipher_value_len, cipher_value, decrypted, rsa, RSA_PKCS1_OAEP_PADDING);
78 if (decrypted_len == -1) {
80 throw MiscError (String::compose ("Could not decrypt KDM (%1)", ERR_error_string (ERR_get_error(), 0)));
83 _ciphers.push_back (KDMCipher (decrypted, decrypted_len));
91 KDMCipher::KDMCipher (unsigned char const * raw, int len)
96 _structure_id = get (&raw, 16);
97 _signer_thumbprint = get (&raw, 20);
98 _cpl_id = get_uuid (&raw, 16);
99 _key_id = get_uuid (&raw, 16);
100 _not_valid_before = get (&raw, 25);
101 _not_valid_after = get (&raw, 25);
102 memcpy (_key_raw, raw, 16);
103 _key_string = get_hex (&raw, 16);
107 _structure_id = get (&raw, 16);
108 _signer_thumbprint = get (&raw, 20);
109 _cpl_id = get_uuid (&raw, 16);
110 _key_type = get (&raw, 4);
111 _key_id = get_uuid (&raw, 16);
112 _not_valid_before = get (&raw, 25);
113 _not_valid_after = get (&raw, 25);
114 memcpy (_key_raw, raw, 16);
115 _key_string = get_hex (&raw, 16);
123 KDMCipher::get (unsigned char const ** p, int N) const
126 for (int i = 0; i < N; ++i) {
135 KDMCipher::get_uuid (unsigned char const ** p, int N) const
139 for (int i = 0; i < N; ++i) {
140 g << setw(2) << setfill('0') << hex << static_cast<int> (**p);
142 if (i == 3 || i == 5 || i == 7 || i == 9) {
151 KDMCipher::get_hex (unsigned char const ** p, int N) const
155 for (int i = 0; i < N; ++i) {
156 g << setw(2) << setfill('0') << hex << static_cast<int> (**p);