-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathwidevine.go
160 lines (142 loc) · 3.64 KB
/
widevine.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
package widevine
import (
"41.neocities.org/protobuf"
"crypto"
"crypto/aes"
"crypto/cipher"
"crypto/rsa"
"crypto/sha1"
"crypto/x509"
"encoding/pem"
"github.com/chmike/cmac-go"
)
func (p *Pssh) Marshal() []byte {
var message protobuf.Message
for _, key_id := range p.KeyIds {
message.AddBytes(2, key_id)
}
if len(p.ContentId) >= 1 {
message.AddBytes(4, p.ContentId)
}
return message.Marshal()
}
type Pssh struct {
ContentId []byte
KeyIds [][]byte
}
func (c *Cdm) RequestBody() ([]byte, error) {
hash := sha1.Sum(c.license_request)
signature, err := rsa.SignPSS(
rand{},
c.private_key,
crypto.SHA1,
hash[:],
&rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash},
)
if err != nil {
return nil, err
}
// SignedMessage
var signed protobuf.Message
// kktv.me
// type: LICENSE_REQUEST
signed.AddVarint(1, 1)
// LicenseRequest msg
signed.AddBytes(2, c.license_request)
// bytes signature
signed.AddBytes(3, signature)
return signed.Marshal(), nil
}
type Cdm struct {
license_request []byte
private_key *rsa.PrivateKey
}
func (k KeyContainer) Id() []byte {
data, _ := k[0].GetBytes(1)()
return data
}
func (k KeyContainer) iv() []byte {
data, _ := k[0].GetBytes(2)()
return data
}
func (k KeyContainer) Key(block cipher.Block) []byte {
key, _ := k[0].GetBytes(3)()
cipher.NewCBCDecrypter(block, k.iv()).CryptBlocks(key, key)
return unpad(key)
}
type KeyContainer [1]protobuf.Message
func (r *ResponseBody) Unmarshal(data []byte) error {
return (*r)[0].Unmarshal(data)
}
func (r ResponseBody) Container() func() (KeyContainer, bool) {
message, _ := r[0].Get(2)()
next := message.Get(3)
return func() (KeyContainer, bool) {
message, ok := next()
return KeyContainer{message}, ok
}
}
func (r ResponseBody) session_key() []byte {
data, _ := r[0].GetBytes(4)()
return data
}
// SignedMessage
// LICENSE = 2;
type ResponseBody [1]protobuf.Message
func (rand) Read(data []byte) (int, error) {
return len(data), nil
}
type rand struct{}
func (c *Cdm) Block(body ResponseBody) (cipher.Block, error) {
session_key, err := rsa.DecryptOAEP(
sha1.New(), nil, c.private_key, body.session_key(), nil,
)
if err != nil {
return nil, err
}
hash, err := cmac.New(aes.NewCipher, session_key)
if err != nil {
return nil, err
}
var data []byte
data = append(data, 1)
data = append(data, "ENCRYPTION"...)
data = append(data, 0)
data = append(data, c.license_request...)
// hash.Size()
data = append(data, 0, 0, 0, 128)
// github.com/chmike/cmac-go/blob/v1.1.0/cmac.go#L114-L133
hash.Write(data)
return aes.NewCipher(hash.Sum(nil))
}
func unpad(data []byte) []byte {
if len(data) >= 1 {
pad := data[len(data)-1]
if len(data) >= int(pad) {
data = data[:len(data)-int(pad)]
}
}
return data
}
func (c *Cdm) New(private_key, client_id, pssh1 []byte) error {
block, _ := pem.Decode(private_key)
var err error
c.private_key, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
// L1
key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return err
}
c.private_key = key.(*rsa.PrivateKey)
}
c.license_request = protobuf.Message{ // LicenseRequest
{1, protobuf.Bytes(client_id)}, // ClientIdentification client_id
{2, protobuf.Message{ // ContentIdentification content_id
{1, protobuf.Message{ // WidevinePsshData widevine_pssh_data
{1, protobuf.Bytes(pssh1)},
}},
}},
}.Marshal()
return nil
}