def xor(v1, v2):
return bytes(a ^ b for a, b in zip(v1, v2))
print(xor(
b'\x01\x23\x45\x67\x89\xAB\xCD\xEF',
b'\x45\xA9\x1E\x06\xB4\xCD\x87\x1A'
).hex().upper())
from cryptography.hazmat.primitives.ciphers import ( Cipher, algorithms, modes )
from cryptography.hazmat.backends import default_backend
# The Decryption Key : 'UNE CLEF SECRETE'
key = b'\x55\x4E\x45\x20\x43\x4C\x45\x46\x20\x53\x45\x43\x52\x45\x54\x45'
# IV not really random ;-)
iv = b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x10\x11\x12\x13\x14\x15\x16'
# The ciphertext (encrypted content)
ciphertext = b'\xeb\x36\xd4\x79\x25\x6c\x9e\x6d\x1b\xb4\x11\x52\x6f\x00\x9c\x1b'
# Cryptographic Engine Settings
cipher = Cipher(
algorithms.AES(key),
modes.CBC(iv),
backend=default_backend()
)
decryptor = cipher.decryptor()
# Decryption of the ciphertext (encrypted content)
plaintext = decryptor.update(ciphertext)
# Give 'BONJOUR LE MONDE'
print(plaintext, plaintext.hex())
Decryption of the Value from a KLV Encrypted Essence Container
This code is an example of a decryption of the 16 first octets of the encrypted content following the "SMPTE-429-6 - Essence Encryption" (KLV JPEG2000, KLV WAV PCM, KLV Dolby Atmos, KLV Subtitles, etc...) standard.
#!/usr/bin/env python3
from cryptography.hazmat.primitives.ciphers import ( Cipher, algorithms, modes )
from cryptography.hazmat.backends import default_backend
# Decryption key used to decrypt the MXF content.
key = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
# Initialization Vector (IV)
# Block of 16 octets used to initiate the cryptographic engine
iv = b'\xc7\x51\x65\x82\xd2\x74\x77\x9e\x09\xf8\x44\x01\x77\x0a\x61\x60'
# "CheckValue" is the 16 first octets that include a fixed-value.
# Decrypted, the content is '43:48:55:4B:43:48:55:4B:43:48:55:4B:43:48:55:4B' or 'CHUKCHUKCHUKCHUK'
checkvalue = b'\x44\x8d\xf3\xbc\x12\x60\x6b\xb2\xe3\xcc\x4a\xed\xec\x31\xbe\x78'
# The 16 first octets of the "Value" field of the KLV (this is the encrypted JPEG2000 header)
data = b'\xbb\x07\x4c\x4f\x11\x37\x30\x6a\x64\x45\xad\x3d\xaf\x0c\xc3\x05'
# Init Cryptographic Engine
cipher = Cipher(
algorithms.AES(key),
modes.CBC(iv),
backend=default_backend()
)
decryptor = cipher.decryptor()
# We add the 16 first octets which is the encrypted "CheckValue"
decryptor.update(checkvalue)
# We add the 16 first octets of our encrypted data
plaintext = decryptor.update(data)
# The decrypted data must be "ff4fff51002f00030000080000000438"
# This is a JPEG2000 Header
print(plaintext.hex())
To get the complete (and simplified) version of this tool which allows to read an encrypted MXF and to extract encrypted essences : mxf-encrypted-decryption.py
$ mxf-encrypted-decryption.py
Usage: ./parse-klv-encrypted-essence.py <mxf> <aeskey>
$ mxf-encrypted-decryption.py encrypted-key-00000000000000000000000000000000.mxf 00000000000000000000000000000000
060e2b34020401010d010301027e0100 - 40300 - 8300001067bec4fc40de4996aac7fa42...
CryptographicContextLink Length : 83000010
CryptographicContextLink Value : 67bec4fc40de4996aac7fa42a6b0ed5e
PlaintextOffset Length : 83000008
PlaintextOffset Value : 0000000000000000 (0 bytes)
SourceKey Length : 83000010
SourceKey Value : 060e2b34010201010d01030115010801
SourceLength Length : 83000008
SourceLength Value : 0000000000009cc8 (40136 bytes)
Encrypted Source Length : 83009cf0 (40176 bytes)
Encrypted Source Value - IV : 765a067b36dfd2e89da94a9c6af0902f
Encrypted Source Value - CheckValue : 7d95b3c594116732ed0b2d9b13ac5283
Encrypted Source Value - Plaintext Data :
Encrypted Source Value - Encrypted Data : 9c52432ad90a1bba64fd0ac5c604a1c9...
TrackFile ID Length : 83000010
TrackFile ID Value : 89af85f04a1545ec8a769008829b2029
Sequence Number Length : 83000008
Sequence Number Value : 0000000000000001
Message Integrity Code (MIC) Length : 83000014
Message Integrity Code (MIC) Value : 5b594d66d09cf6ddfda8f6e691e4291ea7097bc8
Plaintext Source Value : 40144 bytes
Padding : 8 bytes
Note that this tool is focused on JPEG2000 frame extraction, but could work with another essences (some exceptions, see the different chapters for each essence type)
-L : create an SMPTE MXF (not Interop)
-j <keyId> : defined manually the "Cryptographic Key Id"
-k <aeskey> : the AES key for the encryption
-c <outputfile>
-L : create an SMPTE MXF (not Interop)
-E : no headers encryption (36 first octets)
-j <keyId> : defined manually the "Cryptographic Key Id"
-k <aeskey> : the AES key for the encryption
-c <outputfile>
Essence Extraction from an encrypted MXF (asdcplib)
This code is a proof-of-concept, it create an MXF with a single encrypted frame :
(the code is over-simplified, you have no check/verify)
#include <AS_DCP.h>
#include <KM_prng.h> /* FortunaRNG */
#include <Metadata.h> /* MXF:: */
using namespace ASDCP;
int main(void) {
WriterInfo Info;
JP2K::MXFWriter Writer;
JP2K::FrameBuffer FrameBuffer(1024 * 1024);
JP2K::PictureDescriptor PDesc;
JP2K::SequenceParser Parser;
// AES
AESEncContext* Context = 0;
const byte_t aes_key[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
Kumu::FortunaRNG RNG;
byte_t IV_buf[CBC_BLOCK_SIZE];
// HMAC
HMACContext* HMAC = 0;
// Set Header
Info.LabelSetType = LS_MXF_SMPTE;
Kumu::GenRandomUUID(Info.ContextID);
// AssetUUID == TrackFile ID (MIC)
Kumu::GenRandomUUID(Info.AssetUUID);
// Set Cryptographic
Kumu::GenRandomUUID(Info.CryptographicKeyID);
Info.EncryptedEssence = true;
Context = new AESEncContext;
Context->InitKey(aes_key);
Context->SetIVec(RNG.FillRandom(IV_buf, CBC_BLOCK_SIZE));
// Set HMAC
Info.UsesHMAC = true;
HMAC = new HMACContext;
HMAC->InitKey(aes_key, Info.LabelSetType);
// Set Parser from files
Parser.OpenRead("essences/");
Parser.FillPictureDescriptor(PDesc);
// Go to the first file
Parser.Reset();
// Open MXF
Writer.OpenWrite("dump.mxf", Info, PDesc);
// --- foreach frame --------------------------------------
// Read each frame (only one here)
// Each call of ReadFrame() shift to the next frame
// ReadFrame() returns a zero if no new frame
Parser.ReadFrame(FrameBuffer);
FrameBuffer.PlaintextOffset(0); // force no plaintext
// Write each frame into MXF (only one here)
Writer.WriteFrame(FrameBuffer, Context, HMAC);
// --------------------------------------------------------
// Close MXF
Writer.Finalize();
// Show 256 bytes from JPEG2000
FrameBuffer.Dump(stderr, 256);
// Show all metadatas from JPEG2000
JP2K::PictureDescriptorDump(PDesc);
return 0;
}
To compile it :
# You must compile asdcplib first
# to have the libasdcp et libkumu librairies
ASDCPLIB="/chemin/asdcplib/"
g++ -g -O2 \
-lpthread \
-Wl,-bind_at_load \
-DHAVE_OPENSSL=1 \
-I$(ASDCPLIB)/src/ \
$(ASDCPLIB)/src/.libs/libasdcp.so \ # Linux
$(ASDCPLIB)/src/.libs/libkumu.so \ # Linux
$(ASDCPLIB)/src/.libs/libasdcp.dylib \ # MacOS
$(ASDCPLIB)/src/.libs/libkumu.dylib \ # MacOS
`pkg-config openssl --cflags` \
`pkg-config openssl --libs` \
asdcplib-create-encrypted-mxf.cpp \
-o asdcplib-create-encrypted-mxf
To run :
# You must compile asdcplib first
# to have the libasdcp et libkumu librairies
ASDCPLIB="/chemin/asdcplib/"
# Linux
LD_LIBRARY_PATH="$(ASDCPLIB)/src/.libs:${LD_LIBRARY_PATH}" ./asdcplib-create-encrypted-mxf
# MacOS
DYLD_LIBRARY_PATH="$(ASDCPLIB)/src/.libs:${DYLD_LIBRARY_PATH}" ./asdcplib-create-encrypted-mxf
asdcplib.plaintextoffset.patch
Patch to allows an Plaintext Offset via PLAINTEXT_OFFSET environment variable when we use the asdcplib tools. (quick & dirty patch)
asdcplib-fips-lite.cpp
Unit Function to create a derivation key that follows the FIPS 186-2, "General Purpose Random Number Generation" standard - in C++
