Fix over encrypted RSA key decryption algorithm

This commit is contained in:
Grégory Soutadé 2022-12-21 20:15:11 +01:00
parent 7878f91cdd
commit afab1c0012
2 changed files with 12 additions and 18 deletions

View File

@ -231,7 +231,7 @@ namespace gourou
void buildSignInRequest(pugi::xml_document& signInRequest, const std::string& adobeID, const std::string& adobePassword, const std::string& authenticationCertificate); void buildSignInRequest(pugi::xml_document& signInRequest, const std::string& adobeID, const std::string& adobePassword, const std::string& authenticationCertificate);
void fetchLicenseServiceCertificate(const std::string& licenseURL, void fetchLicenseServiceCertificate(const std::string& licenseURL,
const std::string& operatorURL); const std::string& operatorURL);
std::string encryptedKeyFirstPass(pugi::xml_document& rightsDoc, const std::string& encryptedKey, const std::string& keyType, ITEM_TYPE type); std::string encryptedKeyFirstPass(pugi::xml_document& rightsDoc, const std::string& encryptedKey, const std::string& keyType);
void decryptADEPTKey(const std::string& encryptedKey, unsigned char* decryptedKey); void decryptADEPTKey(const std::string& encryptedKey, unsigned char* decryptedKey);
void removeEPubDRM(const std::string& filenameIn, const std::string& filenameOut, const unsigned char* encryptionKey, unsigned encryptionKeySize); void removeEPubDRM(const std::string& filenameIn, const std::string& filenameOut, const unsigned char* encryptionKey, unsigned encryptionKeySize);
void generatePDFObjectKey(int version, void generatePDFObjectKey(int version,

View File

@ -963,13 +963,13 @@ namespace gourou
/** /**
* RSA Key can be over encrypted with AES128-CBC if keyType attribute is set * RSA Key can be over encrypted with AES128-CBC if keyType attribute is set
* For EPUB, Key = SHA256(keyType)[14:22] || SHA256(keyType)[7:13] * remainder = keyType % 16
* For PDF, Key = SHA256(keyType)[6:19] || SHA256(keyType)[3:6] * Key = SHA256(keyType)[remainder*2:remainder*2+(16-remainder)] || SHA256(keyType)[16-remainder:16]
* IV = DeviceID ^ FulfillmentId ^ VoucherId * IV = DeviceID ^ FulfillmentId ^ VoucherId
* *
* @return Base64 encoded decrypted key * @return Base64 encoded decrypted key
*/ */
std::string DRMProcessor::encryptedKeyFirstPass(pugi::xml_document& rightsDoc, const std::string& encryptedKey, const std::string& keyType, ITEM_TYPE type) std::string DRMProcessor::encryptedKeyFirstPass(pugi::xml_document& rightsDoc, const std::string& encryptedKey, const std::string& keyType)
{ {
unsigned char digest[32], key[16], iv[16]; unsigned char digest[32], key[16], iv[16];
unsigned int dataOutLength; unsigned int dataOutLength;
@ -979,17 +979,11 @@ namespace gourou
dumpBuffer(gourou::LG_LOG_DEBUG, "SHA of KeyType : ", digest, sizeof(digest)); dumpBuffer(gourou::LG_LOG_DEBUG, "SHA of KeyType : ", digest, sizeof(digest));
switch(type) long nonce = std::stol(keyType);
{ int remainder = nonce % 16;
case EPUB:
memcpy(key, &digest[14], 9); memcpy(key, &digest[remainder*2], 16-remainder);
memcpy(&key[9], &digest[7], 7); memcpy(&key[16-remainder], &digest[remainder], remainder);
break;
case PDF:
memcpy(key, &digest[6], 13);
memcpy(&key[13], &digest[3], 3);
break;
}
id = extractTextElem(rightsDoc, "/adept:rights/licenseToken/device"); id = extractTextElem(rightsDoc, "/adept:rights/licenseToken/device");
if (id == "") if (id == "")
@ -1067,7 +1061,7 @@ namespace gourou
std::string keyType = extractTextAttribute(rightsDoc, "/adept:rights/licenseToken/encryptedKey", "keyType", false); std::string keyType = extractTextAttribute(rightsDoc, "/adept:rights/licenseToken/encryptedKey", "keyType", false);
if (keyType != "") if (keyType != "")
encryptedKey = encryptedKeyFirstPass(rightsDoc, encryptedKey, keyType, EPUB); encryptedKey = encryptedKeyFirstPass(rightsDoc, encryptedKey, keyType);
decryptADEPTKey(encryptedKey, decryptedKey); decryptADEPTKey(encryptedKey, decryptedKey);
@ -1262,7 +1256,7 @@ namespace gourou
std::string keyType = extractTextAttribute(rightsDoc, "/adept:rights/licenseToken/encryptedKey", "keyType", false); std::string keyType = extractTextAttribute(rightsDoc, "/adept:rights/licenseToken/encryptedKey", "keyType", false);
if (keyType != "") if (keyType != "")
encryptedKey = encryptedKeyFirstPass(rightsDoc, encryptedKey, keyType, PDF); encryptedKey = encryptedKeyFirstPass(rightsDoc, encryptedKey, keyType);
decryptADEPTKey(encryptedKey, decryptedKey); decryptADEPTKey(encryptedKey, decryptedKey);