/*
- Copyright (C) 2013-2016 Carl Hetherington <cth@carlh.net>
+ Copyright (C) 2013-2017 Carl Hetherington <cth@carlh.net>
This file is part of libdcp.
using std::setfill;
using std::hex;
using std::pair;
+using std::map;
using boost::shared_ptr;
+using boost::optional;
using namespace dcp;
+/* Magic value specified by SMPTE S430-1-2006 */
+static uint8_t smpte_structure_id[] = { 0xf1, 0xdc, 0x12, 0x44, 0x60, 0x16, 0x9a, 0x0e, 0x85, 0xbc, 0x30, 0x06, 0x42, 0xf8, 0x66, 0xab };
+
static void
put (uint8_t ** d, string s)
{
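Review bot: `smpte_structure_id` is declared as a mutable file-scope array, although it is a fixed magic value used both to build the SMPTE block and to check a decrypted one. Declaring it `static uint8_t const smpte_structure_id[] = { ... };` keeps any code in this translation unit from modifying the reference value and lets the compiler place it in read-only storage. This assumes the three-argument `put` overload takes a pointer to const; its declaration is not in this hunk.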
DecryptedKDM::get_uuid (unsigned char ** p)
{
char buffer[37];
+#ifdef LIBDCP_WINDOWS
+ __mingw_snprintf (
+#else
snprintf (
+#endif
buffer, sizeof(buffer), "%02hhx%02hhx%02hhx%02hhx-%02hhx%02hhx-%02hhx%02hhx-%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx",
(*p)[0], (*p)[1], (*p)[2], (*p)[3], (*p)[4], (*p)[5], (*p)[6], (*p)[7],
(*p)[8], (*p)[9], (*p)[10], (*p)[11], (*p)[12], (*p)[13], (*p)[14], (*p)[15]
int const decrypted_len = RSA_private_decrypt (cipher_value_len, cipher_value, decrypted, rsa, RSA_PKCS1_OAEP_PADDING);
if (decrypted_len == -1) {
delete[] decrypted;
- throw MiscError (String::compose ("Could not decrypt KDM (%1)", ERR_error_string (ERR_get_error(), 0)));
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+ throw KDMDecryptionError (ERR_error_string (ERR_get_error(), 0), cipher_value_len, RSA_bits(rsa));
+#else
+ throw KDMDecryptionError (ERR_error_string (ERR_get_error(), 0), cipher_value_len, rsa->n->dmax);
+#endif
}
unsigned char* p = decrypted;
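Review bot: The two branches of the new `#if` pass different quantities as the third argument of KDMDecryptionError. `RSA_bits(rsa)` is the modulus size in bits, while `rsa->n->dmax` is the number of words allocated for the BIGNUM, so the reported value changes meaning with the OpenSSL version. `RSA_size(rsa)` is available on both sides of the 1.1.0 API change, so one unconditional line such as `throw KDMDecryptionError (ERR_error_string (ERR_get_error(), 0), cipher_value_len, RSA_size(rsa) * 8);` would report the same unit everywhere, assuming the constructor wants a bit count (its declaration is not in this hunk). Separately, ERR_error_string with a null buffer returns a pointer to a static buffer, which matters if KDMs can be decrypted on more than one thread.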
/* 93 is not-valid-after (a string) [25 bytes] */
p += 25;
/* 118 is the key [ASDCP::KeyLen bytes] */
- _keys.push_back (DecryptedKDMKey ("", key_id, Key (p), cpl_id));
+ add_key (optional<string>(), key_id, Key (p), cpl_id, INTEROP);
break;
}
case 138:
{
/* SMPTE */
/* 0 is structure id (fixed sequence specified by standard) [16 bytes] */
+ DCP_ASSERT (memcmp (p, smpte_structure_id, 16) == 0);
p += 16;
/* 16 is is signer thumbprint [20 bytes] */
p += 20;
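Review bot: The structure-ID check in `case 138` validates bytes that come out of a decrypted KDM, yet it is written as `DCP_ASSERT`, which reads as a programming-error check rather than an input check. Anyone holding the recipient's public certificate can produce a 138-byte plaintext, so a mismatch here is malformed input and deserves its own error. If the macro throws, the `decrypted` buffer holding key material appears not to be released on that path; the macro's definition and the later `delete[]` are outside this hunk. An explicit test would cover both: `if (memcmp (p, smpte_structure_id, 16) != 0) { delete[] decrypted; throw MiscError ("unexpected structure ID in SMPTE KDM"); }`, with the exception type being whichever the project prefers for bad KDM content.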
/* 97 is not-valid-after (a string) [25 bytes] */
p += 25;
/* 112 is the key [ASDCP::KeyLen bytes] */
- _keys.push_back (DecryptedKDMKey (key_type, key_id, Key (p), cpl_id));
+ add_key (key_type, key_id, Key (p), cpl_id, SMPTE);
break;
}
default:
}
DecryptedKDM::DecryptedKDM (
- boost::shared_ptr<const CPL> cpl,
+ string cpl_id,
+ map<shared_ptr<const ReelMXF>, Key> keys,
+ LocalTime not_valid_before,
+ LocalTime not_valid_after,
+ string annotation_text,
+ string content_title_text,
+ string issue_date
+ )
+ : _not_valid_before (not_valid_before)
+ , _not_valid_after (not_valid_after)
+ , _annotation_text (annotation_text)
+ , _content_title_text (content_title_text)
+ , _issue_date (issue_date)
+{
+ for (map<shared_ptr<const ReelMXF>, Key>::const_iterator i = keys.begin(); i != keys.end(); ++i) {
+ add_key (i->first->key_type(), i->first->key_id().get(), i->second, cpl_id, SMPTE);
+ }
+}
+
+DecryptedKDM::DecryptedKDM (
+ shared_ptr<const CPL> cpl,
Key key,
LocalTime not_valid_before,
LocalTime not_valid_after,
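Review bot: The new map-based constructor dereferences `i->first` and calls `i->first->key_id().get()` without checking either. The CPL-based constructor further down only calls `.get()` after testing `mxf && mxf->key_id ()`. Calling `get()` on an empty boost::optional, or passing a null `shared_ptr` as a map key, is a precondition violation rather than a reported error. A guard at the top of the loop body, `DCP_ASSERT (i->first && i->first->key_id());`, or skipping such entries as the other constructor does, would make the two constructors agree. The second constructor's signature continues past the end of this hunk.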
bool did_one = false;
BOOST_FOREACH(shared_ptr<const ReelAsset> i, cpl->reel_assets ()) {
shared_ptr<const ReelMXF> mxf = boost::dynamic_pointer_cast<const ReelMXF> (i);
- shared_ptr<const ReelAsset> asset = boost::dynamic_pointer_cast<const ReelAsset> (i);
- if (asset && mxf && mxf->key_id ()) {
- _keys.push_back (DecryptedKDMKey (mxf->key_type(), mxf->key_id().get(), key, cpl->id ()));
+ if (mxf && mxf->key_id ()) {
+ add_key (mxf->key_type(), mxf->key_id().get(), key, cpl->id(), SMPTE);
did_one = true;
}
}
* @param cpl_id ID of CPL that the key is for.
*/
void
-DecryptedKDM::add_key (string type, string key_id, Key key, string cpl_id)
+DecryptedKDM::add_key (optional<string> type, string key_id, Key key, string cpl_id, Standard standard)
{
- _keys.push_back (DecryptedKDMKey (type, key_id, key, cpl_id));
+ _keys.push_back (DecryptedKDMKey (type, key_id, key, cpl_id, standard));
}
void
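Review bot: The doc comment above `add_key` ends at `@param cpl_id`, so it does not cover the new `standard` argument or the change of `type` to `optional<string>`. I would add `@param standard INTEROP or SMPTE, passed through to the DecryptedKDMKey.` Rewording the type line to something like `@param type Key type, or an empty optional if the key has none (as for keys read from an Interop KDM).` would cover the second change. The start of the comment block is outside this hunk, so the existing `@param type` wording could not be checked.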
}
EncryptedKDM
-DecryptedKDM::encrypt (shared_ptr<const CertificateChain> signer, Certificate recipient, vector<Certificate> trusted_devices, Formulation formulation) const
+DecryptedKDM::encrypt (
+ shared_ptr<const CertificateChain> signer,
+ Certificate recipient,
+ vector<Certificate> trusted_devices,
+ Formulation formulation,
+ bool disable_forensic_marking_picture,
+ optional<int> disable_forensic_marking_audio
+ ) const
{
+ DCP_ASSERT (!_keys.empty ());
+
list<pair<string, string> > key_ids;
list<string> keys;
BOOST_FOREACH (DecryptedKDMKey const & i, _keys) {
- key_ids.push_back (make_pair (i.type(), i.id ()));
+ /* We're making SMPTE keys so we must have a type for each one */
+ DCP_ASSERT (i.type());
+ key_ids.push_back (make_pair (i.type().get(), i.id ()));
/* XXX: SMPTE only */
uint8_t block[138];
uint8_t* p = block;
- /* Magic value specified by SMPTE S430-1-2006 */
- uint8_t structure_id[] = { 0xf1, 0xdc, 0x12, 0x44, 0x60, 0x16, 0x9a, 0x0e, 0x85, 0xbc, 0x30, 0x06, 0x42, 0xf8, 0x66, 0xab };
- put (&p, structure_id, 16);
+ put (&p, smpte_structure_id, 16);
base64_decode (signer->leaf().thumbprint (), p, 20);
p += 20;
put_uuid (&p, i.cpl_id ());
- put (&p, i.type ());
+ put (&p, i.type().get());
put_uuid (&p, i.id ());
put (&p, _not_valid_before.as_string ());
put (&p, _not_valid_after.as_string ());
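Review bot: `put (&p, i.type().get())` writes a caller-supplied string into the fixed `uint8_t block[138]`, and nothing in this hunk checks its length. By the field sizes the layout appears to leave exactly four bytes for the key type, so a longer value would shift every later field and run past the end of `block`, unless `put` bounds the copy (its body is not visible here). `add_key` now accepts any `optional<string>`, and the new constructor takes types from caller-provided ReelMXF objects. A check next to the existing assertion, `DCP_ASSERT (i.type().get().length() == 4);`, would pin this down. The loop body continues outside this hunk.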
signer,
recipient,
trusted_devices,
- device_list_description,
_keys.front().cpl_id (),
_content_title_text,
_annotation_text,
_not_valid_before,
_not_valid_after,
formulation,
+ disable_forensic_marking_picture,
+ disable_forensic_marking_audio,
key_ids,
keys
);