#include "film.h"
#include "dkdm_wrapper.h"
#include "compose.hpp"
+#include "crypto.h"
#include <dcp/raw_convert.h>
#include <dcp/name_format.h>
#include <dcp/certificate_chain.h>
using boost::optional;
using boost::dynamic_pointer_cast;
using boost::algorithm::trim;
+using boost::shared_array;
using dcp::raw_convert;
Config* Config::_instance = 0;
BOOST_FOREACH (cxml::NodePtr i, decryption->node_children ("Certificate")) {
c->add (dcp::Certificate (i->content ()));
}
- c->set_key (decryption->string_child ("PrivateKey"));
+ optional<string> key = decryption->optional_string_child ("PrivateKey");
+#ifdef DCPOMATIC_VARIANT_SWAROOP
+ if (key) {
+ c->set_key (*key);
+ } else {
+ dcp::Data encrypted_key (path("private"));
+ dcp::Data iv (path("iv"));
+ c->set_key (dcpomatic::decrypt (encrypted_key, key_from_uuid(), iv));
+ }
+#else
+ DCPOMATIC_ASSERT (key);
+ c->set_key (*key);
+#endif
_decryption_chain = c;
} else {
_decryption_chain = create_certificate_chain ();
write_cinemas ();
}
+#ifdef DCPOMATIC_VARIANT_SWAROOP
+/* Make up a key from the machine UUID */
+dcp::Data
+Config::key_from_uuid () const
+{
+ dcp::Data key (dcpomatic::crypto_key_length());
+ memset (key.data().get(), 0, key.size());
+ string const magic = command_and_read ("dcpomatic2_uuid");
+ strncpy ((char *) key.data().get(), magic.c_str(), dcpomatic::crypto_key_length());
+ return key;
+}
+#endif
+
void
Config::write_config () const
{
BOOST_FOREACH (dcp::Certificate const & i, _signer_chain->unordered()) {
signer->add_child("Certificate")->add_child_text (i.certificate (true));
}
-#ifdef DCPOMATIC_SWAROOP
- FILE* f = fopen_boost (path("private"), "wb");
- if (!f) {
- throw FileError ("Could not open file for writing", path("private"));
- }
- shared_array<uint8_t> iv = dcpomatic::random_iv ();
- dcp::Data encrypted_key = dcpomatic::encrypt (_signer_chain->key().get(), key, iv);
- fwrite (encrypted_key.data().get(), encrypted_key.data().size(), 1, f);
- fclose (f);
-#else
signer->add_child("PrivateKey")->add_child_text (_signer_chain->key().get ());
-#endif
/* [XML] Decryption Certificate chain and private key to use when decrypting KDMs */
xmlpp::Element* decryption = root->add_child ("Decryption");
BOOST_FOREACH (dcp::Certificate const & i, _decryption_chain->unordered()) {
decryption->add_child("Certificate")->add_child_text (i.certificate (true));
}
+#ifdef DCPOMATIC_VARIANT_SWAROOP
+ dcp::Data iv = dcpomatic::random_iv ();
+ dcp::Data encrypted_key = dcpomatic::encrypt (_decryption_chain->key().get(), key_from_uuid(), iv);
+ encrypted_key.write (path("private"));
+ iv.write (path("iv"));
+#else
decryption->add_child("PrivateKey")->add_child_text (_decryption_chain->key().get ());
+#endif
/* [XML] History Filename of DCP to present in the <guilabel>File</guilabel> menu of the GUI; there can be more than one
of these tags.
boost::filesystem::path directory_or (boost::optional<boost::filesystem::path> dir, boost::filesystem::path a) const;
void add_to_history_internal (std::vector<boost::filesystem::path>& h, boost::filesystem::path p);
void backup ();
+#ifdef DCPOMATIC_VARIANT_SWAROOP
+ dcp::Data key_from_uuid () const;
+#endif
template <class T>
void maybe_set (T& member, T new_value, Property prop = OTHER) {
return boost::filesystem::path(getenv("HOMEDRIVE")) / boost::filesystem::path(getenv("HOMEPATH"));
#endif
}
+
+string
+command_and_read (string cmd)
+{
+#ifdef DCPOMATIC_LINUX
+ FILE* pipe = popen (cmd.c_str(), "r");
+ if (!pipe) {
+ throw runtime_error ("popen failed");
+ }
+
+ string result;
+ char buffer[128];
+ try {
+ while (fgets(buffer, sizeof(buffer), pipe)) {
+ result += buffer;
+ }
+ } catch (...) {
+ pclose (pipe);
+ throw;
+ }
+
+ pclose (pipe);
+ return result;
+#endif
+
+ return "";
+}
extern uint64_t thread_id ();
extern int avio_open_boost (AVIOContext** s, boost::filesystem::path file, int flags);
extern boost::filesystem::path home_directory ();
+extern std::string command_and_read (std::string cmd);
/** @class Waker
* @brief A class which tries to keep the computer awake on various operating systems.
/** The cipher that this code uses */
#define CIPHER EVP_aes_256_cbc()
-shared_array<unsigned char>
+dcp::Data
dcpomatic::random_iv ()
{
EVP_CIPHER const * cipher = CIPHER;
- shared_array<unsigned char> iv (new unsigned char[EVP_CIPHER_iv_length(cipher)]);
- RAND_bytes (iv.get(), EVP_CIPHER_iv_length(cipher));
+ dcp::Data iv (EVP_CIPHER_iv_length(cipher));
+ RAND_bytes (iv.data().get(), iv.size());
return iv;
}
dcp::Data
-dcpomatic::encrypt (string plaintext, shared_array<unsigned char const> key, shared_array<unsigned char const> iv)
+dcpomatic::encrypt (string plaintext, dcp::Data key, dcp::Data iv)
{
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new ();
if (!ctx) {
throw CryptoError ("could not create cipher context");
}
- int r = EVP_EncryptInit_ex (ctx, CIPHER, 0, key.get(), iv.get());
+ int r = EVP_EncryptInit_ex (ctx, CIPHER, 0, key.data().get(), iv.data().get());
if (r != 1) {
throw CryptoError ("could not initialise cipher context for encryption");
}
dcp::Data ciphertext (plaintext.size() * 2);
int len;
- r = EVP_EncryptUpdate (ctx, ciphertext.data().get(), &len, (unsigned char const *) plaintext.c_str(), plaintext.size());
+ r = EVP_EncryptUpdate (ctx, ciphertext.data().get(), &len, (uint8_t const *) plaintext.c_str(), plaintext.size());
if (r != 1) {
throw CryptoError ("could not encrypt data");
}
}
string
-dcpomatic::decrypt (dcp::Data ciphertext, shared_array<unsigned char const> key, shared_array<unsigned char const> iv)
+dcpomatic::decrypt (dcp::Data ciphertext, dcp::Data key, dcp::Data iv)
{
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new ();
if (!ctx) {
throw CryptoError ("could not create cipher context");
}
- int r = EVP_DecryptInit_ex (ctx, CIPHER, 0, key.get(), iv.get());
+ int r = EVP_DecryptInit_ex (ctx, CIPHER, 0, key.data().get(), iv.data().get());
if (r != 1) {
throw CryptoError ("could not initialise cipher context for decryption");
}
namespace dcpomatic {
-boost::shared_array<unsigned char> random_iv ();
-dcp::Data encrypt (std::string plaintext, boost::shared_array<unsigned char const> key, boost::shared_array<unsigned char const> iv);
-std::string decrypt (dcp::Data ciphertext, boost::shared_array<unsigned char const> key, boost::shared_array<unsigned char const> iv);
+dcp::Data random_iv ();
+dcp::Data encrypt (std::string plaintext, dcp::Data key, dcp::Data iv);
+std::string decrypt (dcp::Data ciphertext, dcp::Data key, dcp::Data iv);
int crypto_key_length ();
}
BOOST_AUTO_TEST_CASE (crypto_test)
{
- shared_array<unsigned char> key (new unsigned char[dcpomatic::crypto_key_length()]);
- shared_array<unsigned char> iv = dcpomatic::random_iv ();
+ dcp::Data key (dcpomatic::crypto_key_length());
+ dcp::Data iv = dcpomatic::random_iv ();
- RAND_bytes (key.get(), dcpomatic::crypto_key_length());
+ RAND_bytes (key.data().get(), dcpomatic::crypto_key_length());
dcp::Data ciphertext = dcpomatic::encrypt ("Can you see any fish?", key, iv);
BOOST_REQUIRE_EQUAL (dcpomatic::decrypt (ciphertext, key, iv), "Can you see any fish?");
- key[5]++;
+ key.data()[5]++;
BOOST_REQUIRE_THROW (dcpomatic::decrypt (ciphertext, key, iv), CryptoError);
}