1/*
2 * ASF decryption
3 * Copyright (c) 2007 Reimar Doeffinger
4 * This is a rewrite of code contained in freeme/freeme2
5 *
6 * This file is part of FFmpeg.
7 *
8 * FFmpeg is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
12 *
13 * FFmpeg is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with FFmpeg; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21 */
22
23#include "libavutil/bswap.h"
24#include "libavutil/common.h"
25#include "libavutil/des.h"
26#include "libavutil/intreadwrite.h"
27#include "libavutil/rc4.h"
28#include "asfcrypt.h"
29
30/**
31 * @brief find multiplicative inverse modulo 2 ^ 32
32 * @param v number to invert, must be odd!
33 * @return number so that result * v = 1 (mod 2^32)
34 */
35static uint32_t inverse(uint32_t v)
36{
37    // v ^ 3 gives the inverse (mod 16), could also be implemented
38    // as table etc. (only lowest 4 bits matter!)
39    uint32_t inverse = v * v * v;
40    // uses a fixpoint-iteration that doubles the number
41    // of correct lowest bits each time
42    inverse *= 2 - v * inverse;
43    inverse *= 2 - v * inverse;
44    inverse *= 2 - v * inverse;
45    return inverse;
46}
47
48/**
49 * @brief read keys from keybuf into keys
50 * @param keybuf buffer containing the keys
51 * @param keys output key array containing the keys for encryption in
52 *             native endianness
53 */
54static void multiswap_init(const uint8_t keybuf[48], uint32_t keys[12])
55{
56    int i;
57    for (i = 0; i < 12; i++)
58        keys[i] = AV_RL32(keybuf + (i << 2)) | 1;
59}
60
61/**
62 * @brief invert the keys so that encryption become decryption keys and
63 *        the other way round.
64 * @param keys key array of ints to invert
65 */
66static void multiswap_invert_keys(uint32_t keys[12])
67{
68    int i;
69    for (i = 0; i < 5; i++)
70        keys[i] = inverse(keys[i]);
71    for (i = 6; i < 11; i++)
72        keys[i] = inverse(keys[i]);
73}
74
75static uint32_t multiswap_step(const uint32_t keys[12], uint32_t v)
76{
77    int i;
78    v *= keys[0];
79    for (i = 1; i < 5; i++) {
80        v  = (v >> 16) | (v << 16);
81        v *= keys[i];
82    }
83    v += keys[5];
84    return v;
85}
86
87static uint32_t multiswap_inv_step(const uint32_t keys[12], uint32_t v)
88{
89    int i;
90    v -= keys[5];
91    for (i = 4; i > 0; i--) {
92        v *= keys[i];
93        v  = (v >> 16) | (v << 16);
94    }
95    v *= keys[0];
96    return v;
97}
98
99/**
100 * @brief "MultiSwap" encryption
101 * @param keys 32 bit numbers in machine endianness,
102 *             0-4 and 6-10 must be inverted from decryption
103 * @param key another key, this one must be the same for the decryption
104 * @param data data to encrypt
105 * @return encrypted data
106 */
107static uint64_t multiswap_enc(const uint32_t keys[12],
108                              uint64_t key, uint64_t data)
109{
110    uint32_t a = data;
111    uint32_t b = data >> 32;
112    uint32_t c;
113    uint32_t tmp;
114    a  += key;
115    tmp = multiswap_step(keys, a);
116    b  += tmp;
117    c   = (key >> 32) + tmp;
118    tmp = multiswap_step(keys + 6, b);
119    c  += tmp;
120    return ((uint64_t)c << 32) | tmp;
121}
122
123/**
124 * @brief "MultiSwap" decryption
125 * @param keys 32 bit numbers in machine endianness,
126 *             0-4 and 6-10 must be inverted from encryption
127 * @param key another key, this one must be the same as for the encryption
128 * @param data data to decrypt
129 * @return decrypted data
130 */
131static uint64_t multiswap_dec(const uint32_t keys[12],
132                              uint64_t key, uint64_t data)
133{
134    uint32_t a;
135    uint32_t b;
136    uint32_t c   = data >> 32;
137    uint32_t tmp = data;
138    c  -= tmp;
139    b   = multiswap_inv_step(keys + 6, tmp);
140    tmp = c - (key >> 32);
141    b  -= tmp;
142    a   = multiswap_inv_step(keys, tmp);
143    a  -= key;
144    return ((uint64_t)b << 32) | a;
145}
146
147void ff_asfcrypt_dec(const uint8_t key[20], uint8_t *data, int len)
148{
149    struct AVDES des;
150    struct AVRC4 rc4;
151    int num_qwords      = len >> 3;
152    uint8_t *qwords     = data;
153    uint64_t rc4buff[8] = { 0 };
154    uint64_t packetkey;
155    uint32_t ms_keys[12];
156    uint64_t ms_state;
157    int i;
158    if (len < 16) {
159        for (i = 0; i < len; i++)
160            data[i] ^= key[i];
161        return;
162    }
163
164    av_rc4_init(&rc4, key, 12 * 8, 1);
165    av_rc4_crypt(&rc4, (uint8_t *)rc4buff, NULL, sizeof(rc4buff), NULL, 1);
166    multiswap_init((uint8_t *)rc4buff, ms_keys);
167
168    packetkey  = AV_RN64(&qwords[num_qwords * 8 - 8]);
169    packetkey ^= rc4buff[7];
170    av_des_init(&des, key + 12, 64, 1);
171    av_des_crypt(&des, (uint8_t *)&packetkey, (uint8_t *)&packetkey, 1, NULL, 1);
172    packetkey ^= rc4buff[6];
173
174    av_rc4_init(&rc4, (uint8_t *)&packetkey, 64, 1);
175    av_rc4_crypt(&rc4, data, data, len, NULL, 1);
176
177    ms_state = 0;
178    for (i = 0; i < num_qwords - 1; i++, qwords += 8)
179        ms_state = multiswap_enc(ms_keys, ms_state, AV_RL64(qwords));
180    multiswap_invert_keys(ms_keys);
181    packetkey = (packetkey << 32) | (packetkey >> 32);
182    packetkey = av_le2ne64(packetkey);
183    packetkey = multiswap_dec(ms_keys, ms_state, packetkey);
184    AV_WL64(qwords, packetkey);
185}
186