oxideav-aacs 0.1.3

Clean-room AACS Common 0.953 + BD-Prerecorded 0.953 decryption library — KEYDB.cfg / MKB / Unit_Key_RO.inf parsers, AES-128-CBC content scrambling, Subset-Difference tree walk, VUK derivation, Title Key unwrap
//! Pure-Rust, clean-room AACS (Advanced Access Content System)
//! decryption library, implementing the publicly-published AACS LA
//! technical specifications **Common Final 0.953** (Oct 2012) and
//! **BD-Prerecorded Final 0.953** (Oct 2012).
//!
//! See the crate `README.md` for an overview, the per-module spec
//! mapping, and the legal-hygiene notes. The full pipeline is:
//!
//! ```text
//! Device Key + MKB              KEYDB.cfg
//!     |  (subdiff)                  | (direct)
//!     v                              v
//!   Media Key (K_m)                  |
//!     |  AES-G(K_m, ID_v)           |
//!     v                              |
//!   Volume Unique Key (K_vu)  <-----+
//!     |  AES-128D(K_vu, EncCpsUnitKey)
//!     v
//!   CPS Unit Key (K_cu)
//!     |  BlockKey = AES-128E(K_cu, seed) XOR seed,
//!     |  then AES-128-CBC-decrypt under BlockKey with IV0
//!     v
//!   Decrypted Aligned Unit (6144 B)
//! ```
//!
//! This crate has **no real-disc fixtures**, no embedded Device Keys,
//! no embedded Processing Keys, and no disc-specific test vectors —
//! every test constructs its own key material and roundtrips through
//! encrypt → parse → decrypt.

// Crate-wide lints.
// `forbid(unsafe_code)` rejects every `unsafe` block in this crate and cannot
// be relaxed further down with `#[allow]`. It does not reach into
// dependencies, and it says nothing about side channels: whether the `aes`
// and `ec` code runs in constant time on key material is not visible here.
#![forbid(unsafe_code)]
// Any public item without documentation fails the build.
#![deny(missing_docs)]
#![deny(rust_2018_idioms)]

// All modules are declared `pub`, so every `pub` item inside them is
// reachable API even when this file does not re-export it (`aes`, for one,
// has no `pub use` below). Review the modules themselves, not only the
// re-export list, when auditing what the crate exposes.
pub mod aes;
pub mod ake;
pub mod cht;
pub mod content;
pub mod content_certificate;
pub mod crl;
pub mod ec;
pub mod ecdsa;
pub mod error;
pub mod keydb;
pub mod mkb;
pub mod mmc;
pub mod self_check;
pub mod subdiff;
pub mod unit_key;
pub mod volume;
pub mod vuk;

pub use crate::ake::{
    aacs_la_pub_point, build_signed_certificate, bus_key_from_point, host_authenticate,
    read_verified_volume_id, AkeResult, Certificate, DriveAuthState, HostCredentials,
    AACS_LA_PUB_X, AACS_LA_PUB_Y, BUS_KEY_LEN, CERT_TYPE_DRIVE, CERT_TYPE_HOST,
};
pub use crate::cht::{
    hash_value_of_unit, ClipDescriptor, ContentHashTable, HASH_UNIT_SIZE, HASH_VALUE_SIZE,
    LOGICAL_SECTORS_PER_HASH_UNIT, LOGICAL_SECTOR_SIZE,
};
pub use crate::content::{decrypt_aligned_unit, encrypt_aligned_unit, ALIGNED_UNIT_SIZE};
pub use crate::content_certificate::{
    usage_rules_hash, BdFormatSpecificSection, ContentCertificate, ContentCertificateId,
    ContentSequenceNumber, CERTIFICATE_TYPE_FIRST_GEN, CONTENT_HASH_TABLE_DIGEST_LEN,
    SIGNATURE_DATA_LEN,
};
pub use crate::crl::{
    ContentRevocationList, CrlSegment, ManagedCopyServerCertificateId, RecordableMediaRevocation,
    RecordableMediaType, RevocationRecord, CRL_HEADER_LEN, LIST_TYPE_FIRST_GEN,
    RECORD_TYPE_CONTENT_CERTIFICATE_ID, RECORD_TYPE_MANAGED_COPY_SERVER_ID,
    RECORD_TYPE_RMRR_PART_1, RECORD_TYPE_RMRR_PART_2, RECORD_TYPE_RMRR_PART_3,
    REVOCATION_RECORD_LEN, SEGMENT_1_SIZE_MAX, SEGMENT_SIGNATURE_LEN,
};
// Elliptic-curve types. The `U160` name points to a 160-bit field, which
// would be a parameter size kept for AACS interoperability rather than one to
// reuse in new protocols (definition not visible here, confirm in `crate::ec`).
pub use crate::ec::{Fp, Point, U160};
// NOTE(review): `sign_with_k` is presumably ECDSA signing with a
// caller-chosen nonce `k` (definition not visible here, confirm in
// `crate::ecdsa`). If so, `k` must be secret, unpredictable and unique per
// signature: a repeated or guessable `k` discloses the signing key. Consider
// gating it behind `test-util` if it only serves known-answer tests.
pub use crate::ecdsa::{sign, sign_with_k, verify, Signature};
pub use crate::error::AacsError;
pub use crate::keydb::{
    DeviceKeyRecord, DiscRecords, DriveCertRecord, HostCertRecord, KeyDb, KeyDbEntry, ParseReport,
    ProcessingKey, SkippedLine,
};
pub use crate::mkb::{
    Mkb, MkbType, RevocationEntry, RevocationSignatureBlock, SubsetDifferenceEntry,
};
pub use crate::mmc::{
    build_send_disc_structure_write_data_key, build_send_key_host_cert_chal,
    build_send_key_host_key, parse_bus_encryption_sector_extents_response,
    parse_data_keys_response, parse_media_id_response, parse_media_serial_response,
    parse_mkb_pack_response, parse_report_key_agid, parse_report_key_binding_nonce,
    parse_report_key_drive_cert, parse_report_key_drive_cert_chal, parse_report_key_drive_key,
    parse_send_disc_structure_write_data_key, parse_send_key_host_cert_chal,
    parse_send_key_host_key, parse_volume_id_response, AgidResponse, BindingNonceResponse,
    BusEncryptionSectorExtent, BusEncryptionSectorExtentsResponse, DataDirection, DataKeysResponse,
    DriveCertChallengeResponse, DriveCertResponse, DriveCommand, DriveKeyResponse,
    MediaIdentifierResponse, MediaSerialNumberResponse, MkbPackResponse, ReadDiscStructure,
    ReportKey, ScsiResponse, SendDiscStructure, SendKey, VolumeIdResponse,
};
// `MockDrive` is a `test-util`-gated synthetic-drive fixture, not part of
// the default public API. See the `test-util` cargo feature.
// `cfg(test)` covers only this crate's own unit tests; integration tests and
// downstream crates see `MockDrive` only with the feature switched on. Cargo
// unifies features across a dependency graph, so one dependent enabling
// `test-util` exposes it to the whole build; enable it from
// `[dev-dependencies]` only.
#[cfg(any(test, feature = "test-util"))]
pub use crate::mmc::MockDrive;
// These three self-checks are re-exported unconditionally.
pub use crate::self_check::{aacs_la_pub_self_check, ake_ecdh_self_check, curve_self_check};
// `ake_full_self_check` + `all_self_checks` drive the `test-util`-gated
// `MockDrive`, so they are gated together behind `test-util`.
// A default build therefore has no `all_self_checks`; callers that want a
// start-up check without the feature must call the three functions above.
#[cfg(any(test, feature = "test-util"))]
pub use crate::self_check::{ake_full_self_check, all_self_checks};
pub use crate::subdiff::{
    aes_g3, applies_to_device, apply_key_conversion_data, derive_processing_key, SubsetDifference,
};
pub use crate::unit_key::{CpsUnitRecord, UnitKeyFile, UnitKeyFileHeader};
pub use crate::volume::{AacsVolume, CpsUnit, DeviceKey, TitleKey};
pub use crate::vuk::{derive_vuk, Vuk};

/// Result alias used throughout the crate.
///
/// The error type is fixed to [`AacsError`]. A glob import of this crate
/// shadows the prelude `Result`, so downstream code that also returns other
/// error types should import this alias by name or under a different name.
pub type Result<T> = core::result::Result<T, AacsError>;