| Line | Branch | Exec | Source |
|---|---|---|---|
| 1 | /* | ||
| 2 | * ASF decryption | ||
| 3 | * Copyright (c) 2007 Reimar Doeffinger | ||
| 4 | * This is a rewrite of code contained in freeme/freeme2 | ||
| 5 | * | ||
| 6 | * This file is part of FFmpeg. | ||
| 7 | * | ||
| 8 | * FFmpeg is free software; you can redistribute it and/or | ||
| 9 | * modify it under the terms of the GNU Lesser General Public | ||
| 10 | * License as published by the Free Software Foundation; either | ||
| 11 | * version 2.1 of the License, or (at your option) any later version. | ||
| 12 | * | ||
| 13 | * FFmpeg is distributed in the hope that it will be useful, | ||
| 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
| 16 | * Lesser General Public License for more details. | ||
| 17 | * | ||
| 18 | * You should have received a copy of the GNU Lesser General Public | ||
| 19 | * License along with FFmpeg; if not, write to the Free Software | ||
| 20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 21 | */ | ||
| 22 | |||
| 23 | #include <stddef.h> | ||
| 24 | #include "libavutil/bswap.h" | ||
| 25 | #include "libavutil/des.h" | ||
| 26 | #include "libavutil/intreadwrite.h" | ||
| 27 | #include "libavutil/mem.h" | ||
| 28 | #include "libavutil/rc4.h" | ||
| 29 | #include "asfcrypt.h" | ||
| 30 | |||
| 31 | /** | ||
| 32 | * @brief find multiplicative inverse modulo 2 ^ 32 | ||
| 33 | * @param v number to invert, must be odd! | ||
| 34 | * @return number so that result * v = 1 (mod 2^32) | ||
| 35 | */ | ||
| 36 | 5430 | static uint32_t inverse(uint32_t v) | |
| 37 | { | ||
| 38 | // v ^ 3 gives the inverse (mod 16), could also be implemented | ||
| 39 | // as table etc. (only lowest 4 bits matter!) | ||
| 40 | 5430 | uint32_t inverse = v * v * v; | |
| 41 | // uses a fixpoint-iteration that doubles the number | ||
| 42 | // of correct lowest bits each time | ||
| 43 | 5430 | inverse *= 2 - v * inverse; | |
| 44 | 5430 | inverse *= 2 - v * inverse; | |
| 45 | 5430 | inverse *= 2 - v * inverse; | |
| 46 | 5430 | return inverse; | |
| 47 | } | ||
| 48 | |||
| 49 | /** | ||
| 50 | * @brief read keys from keybuf into keys | ||
| 51 | * @param keybuf buffer containing the keys | ||
| 52 | * @param keys output key array containing the keys for encryption in | ||
| 53 | * native endianness | ||
| 54 | */ | ||
| 55 | 543 | static void multiswap_init(const uint8_t keybuf[48], uint32_t keys[12]) | |
| 56 | { | ||
| 57 | int i; | ||
| 58 |
2/2✓ Branch 0 taken 6516 times.
✓ Branch 1 taken 543 times.
|
7059 | for (i = 0; i < 12; i++) |
| 59 | 6516 | keys[i] = AV_RL32(keybuf + (i << 2)) | 1; | |
| 60 | 543 | } | |
| 61 | |||
| 62 | /** | ||
| 63 | * @brief invert the keys so that encryption become decryption keys and | ||
| 64 | * the other way round. | ||
| 65 | * @param keys key array of ints to invert | ||
| 66 | */ | ||
| 67 | 543 | static void multiswap_invert_keys(uint32_t keys[12]) | |
| 68 | { | ||
| 69 | int i; | ||
| 70 |
2/2✓ Branch 0 taken 2715 times.
✓ Branch 1 taken 543 times.
|
3258 | for (i = 0; i < 5; i++) |
| 71 | 2715 | keys[i] = inverse(keys[i]); | |
| 72 |
2/2✓ Branch 0 taken 2715 times.
✓ Branch 1 taken 543 times.
|
3258 | for (i = 6; i < 11; i++) |
| 73 | 2715 | keys[i] = inverse(keys[i]); | |
| 74 | 543 | } | |
| 75 | |||
| 76 | 90370 | static uint32_t multiswap_step(const uint32_t keys[6], uint32_t v) | |
| 77 | { | ||
| 78 | int i; | ||
| 79 | 90370 | v *= keys[0]; | |
| 80 |
2/2✓ Branch 0 taken 361480 times.
✓ Branch 1 taken 90370 times.
|
451850 | for (i = 1; i < 5; i++) { |
| 81 | 361480 | v = (v >> 16) | (v << 16); | |
| 82 | 361480 | v *= keys[i]; | |
| 83 | } | ||
| 84 | 90370 | v += keys[5]; | |
| 85 | 90370 | return v; | |
| 86 | } | ||
| 87 | |||
| 88 | 1086 | static uint32_t multiswap_inv_step(const uint32_t keys[6], uint32_t v) | |
| 89 | { | ||
| 90 | int i; | ||
| 91 | 1086 | v -= keys[5]; | |
| 92 |
2/2✓ Branch 0 taken 4344 times.
✓ Branch 1 taken 1086 times.
|
5430 | for (i = 4; i > 0; i--) { |
| 93 | 4344 | v *= keys[i]; | |
| 94 | 4344 | v = (v >> 16) | (v << 16); | |
| 95 | } | ||
| 96 | 1086 | v *= keys[0]; | |
| 97 | 1086 | return v; | |
| 98 | } | ||
| 99 | |||
| 100 | /** | ||
| 101 | * @brief "MultiSwap" encryption | ||
| 102 | * @param keys 32 bit numbers in machine endianness, | ||
| 103 | * 0-4 and 6-10 must be inverted from decryption | ||
| 104 | * @param key another key, this one must be the same for the decryption | ||
| 105 | * @param data data to encrypt | ||
| 106 | * @return encrypted data | ||
| 107 | */ | ||
| 108 | 45185 | static uint64_t multiswap_enc(const uint32_t keys[12], | |
| 109 | uint64_t key, uint64_t data) | ||
| 110 | { | ||
| 111 | 45185 | uint32_t a = data; | |
| 112 | 45185 | uint32_t b = data >> 32; | |
| 113 | uint32_t c; | ||
| 114 | uint32_t tmp; | ||
| 115 | 45185 | a += key; | |
| 116 | 45185 | tmp = multiswap_step(keys, a); | |
| 117 | 45185 | b += tmp; | |
| 118 | 45185 | c = (key >> 32) + tmp; | |
| 119 | 45185 | tmp = multiswap_step(keys + 6, b); | |
| 120 | 45185 | c += tmp; | |
| 121 | 45185 | return ((uint64_t)c << 32) | tmp; | |
| 122 | } | ||
| 123 | |||
| 124 | /** | ||
| 125 | * @brief "MultiSwap" decryption | ||
| 126 | * @param keys 32 bit numbers in machine endianness, | ||
| 127 | * 0-4 and 6-10 must be inverted from encryption | ||
| 128 | * @param key another key, this one must be the same as for the encryption | ||
| 129 | * @param data data to decrypt | ||
| 130 | * @return decrypted data | ||
| 131 | */ | ||
| 132 | 543 | static uint64_t multiswap_dec(const uint32_t keys[12], | |
| 133 | uint64_t key, uint64_t data) | ||
| 134 | { | ||
| 135 | uint32_t a; | ||
| 136 | uint32_t b; | ||
| 137 | 543 | uint32_t c = data >> 32; | |
| 138 | 543 | uint32_t tmp = data; | |
| 139 | 543 | c -= tmp; | |
| 140 | 543 | b = multiswap_inv_step(keys + 6, tmp); | |
| 141 | 543 | tmp = c - (key >> 32); | |
| 142 | 543 | b -= tmp; | |
| 143 | 543 | a = multiswap_inv_step(keys, tmp); | |
| 144 | 543 | a -= key; | |
| 145 | 543 | return ((uint64_t)b << 32) | a; | |
| 146 | } | ||
| 147 | |||
| 148 | 549 | void ff_asfcrypt_dec(const uint8_t key[20], uint8_t *data, int len) | |
| 149 | { | ||
| 150 | struct AVDES *des; | ||
| 151 | struct AVRC4 *rc4; | ||
| 152 | 549 | int num_qwords = len >> 3; | |
| 153 | 549 | uint8_t *qwords = data; | |
| 154 | 549 | uint64_t rc4buff[8] = { 0 }; | |
| 155 | uint64_t packetkey; | ||
| 156 | uint32_t ms_keys[12]; | ||
| 157 | uint64_t ms_state; | ||
| 158 | int i; | ||
| 159 |
2/2✓ Branch 0 taken 6 times.
✓ Branch 1 taken 543 times.
|
549 | if (len < 16) { |
| 160 |
2/2✓ Branch 0 taken 20 times.
✓ Branch 1 taken 6 times.
|
26 | for (i = 0; i < len; i++) |
| 161 | 20 | data[i] ^= key[i]; | |
| 162 | 6 | return; | |
| 163 | } | ||
| 164 | 543 | des = av_des_alloc(); | |
| 165 | 543 | rc4 = av_rc4_alloc(); | |
| 166 |
2/4✓ Branch 0 taken 543 times.
✗ Branch 1 not taken.
✗ Branch 2 not taken.
✓ Branch 3 taken 543 times.
|
543 | if (!des || !rc4) { |
| 167 | ✗ | av_freep(&des); | |
| 168 | ✗ | av_freep(&rc4); | |
| 169 | ✗ | return; | |
| 170 | } | ||
| 171 | |||
| 172 | 543 | av_rc4_init(rc4, key, 12 * 8, 1); | |
| 173 | 543 | av_rc4_crypt(rc4, (uint8_t *)rc4buff, NULL, sizeof(rc4buff), NULL, 1); | |
| 174 | 543 | multiswap_init((uint8_t *)rc4buff, ms_keys); | |
| 175 | |||
| 176 | 543 | packetkey = AV_RN64(&qwords[num_qwords * 8 - 8]); | |
| 177 | 543 | packetkey ^= rc4buff[7]; | |
| 178 | 543 | av_des_init(des, key + 12, 64, 1); | |
| 179 | 543 | av_des_crypt(des, (uint8_t *)&packetkey, (uint8_t *)&packetkey, 1, NULL, 1); | |
| 180 | 543 | packetkey ^= rc4buff[6]; | |
| 181 | |||
| 182 | 543 | av_rc4_init(rc4, (uint8_t *)&packetkey, 64, 1); | |
| 183 | 543 | av_rc4_crypt(rc4, data, data, len, NULL, 1); | |
| 184 | |||
| 185 | 543 | ms_state = 0; | |
| 186 |
2/2✓ Branch 0 taken 45185 times.
✓ Branch 1 taken 543 times.
|
45728 | for (i = 0; i < num_qwords - 1; i++, qwords += 8) |
| 187 | 45185 | ms_state = multiswap_enc(ms_keys, ms_state, AV_RL64(qwords)); | |
| 188 | 543 | multiswap_invert_keys(ms_keys); | |
| 189 | 543 | packetkey = (packetkey << 32) | (packetkey >> 32); | |
| 190 | 543 | packetkey = av_le2ne64(packetkey); | |
| 191 | 543 | packetkey = multiswap_dec(ms_keys, ms_state, packetkey); | |
| 192 | 543 | AV_WL64(qwords, packetkey); | |
| 193 | |||
| 194 | 543 | av_free(rc4); | |
| 195 | 543 | av_free(des); | |
| 196 | } | ||
| 197 |