Crate oxideav_aacs 

Pure-Rust, clean-room AACS (Advanced Access Content System) decryption library, implementing the publicly-published AACS LA technical specifications Common Final 0.953 (Oct 2012) and BD-Prerecorded Final 0.953 (Oct 2012).

See the crate README.md for an overview, the per-module spec mapping, and the legal-hygiene notes. The full pipeline is:

Device Key + MKB              KEYDB.cfg
    |  (subdiff)                  | (direct)
    v                              v
  Media Key (K_m)                  |
    |  AES-G(K_m, ID_v)           |
    v                              |
  Volume Unique Key (K_vu)  <-----+
    |  AES-128D(K_vu, EncCpsUnitKey)
    v
  CPS Unit Key (K_cu)
    |  BlockKey = AES-128E(K_cu, seed) XOR seed,
    |  then AES-128-CBC-decrypt under BlockKey with IV0
    v
  Decrypted Aligned Unit (6144 B)

This crate has no real-disc fixtures, no embedded Device Keys, no embedded Processing Keys, and no disc-specific test vectors — every test constructs its own key material and roundtrips through encrypt → parse → decrypt.

Re-exports

pub use crate::ake::aacs_la_pub_point;

pub use crate::ake::build_signed_certificate;

pub use crate::ake::bus_key_from_point;

pub use crate::ake::host_authenticate;

pub use crate::ake::read_verified_volume_id;

pub use crate::ake::AkeResult;

pub use crate::ake::Certificate;

pub use crate::ake::DriveAuthState;

pub use crate::ake::HostCredentials;

pub use crate::ake::AACS_LA_PUB_X;

pub use crate::ake::AACS_LA_PUB_Y;

pub use crate::ake::BUS_KEY_LEN;

pub use crate::ake::CERT_TYPE_DRIVE;

pub use crate::ake::CERT_TYPE_HOST;

pub use crate::cht::hash_value_of_unit;

pub use crate::cht::ClipDescriptor;

pub use crate::cht::ContentHashTable;

pub use crate::cht::HASH_UNIT_SIZE;

pub use crate::cht::HASH_VALUE_SIZE;

pub use crate::cht::LOGICAL_SECTORS_PER_HASH_UNIT;

pub use crate::cht::LOGICAL_SECTOR_SIZE;

pub use crate::content::decrypt_aligned_unit;

pub use crate::content::encrypt_aligned_unit;

pub use crate::content::ALIGNED_UNIT_SIZE;

pub use crate::content_certificate::usage_rules_hash;

pub use crate::content_certificate::BdFormatSpecificSection;

pub use crate::content_certificate::ContentCertificate;

pub use crate::content_certificate::ContentCertificateId;

pub use crate::content_certificate::ContentSequenceNumber;

pub use crate::content_certificate::CERTIFICATE_TYPE_FIRST_GEN;

pub use crate::content_certificate::CONTENT_HASH_TABLE_DIGEST_LEN;

pub use crate::content_certificate::SIGNATURE_DATA_LEN;

pub use crate::crl::ContentRevocationList;

pub use crate::crl::CrlSegment;

pub use crate::crl::ManagedCopyServerCertificateId;

pub use crate::crl::RecordableMediaRevocation;

pub use crate::crl::RecordableMediaType;

pub use crate::crl::RevocationRecord;

pub use crate::crl::CRL_HEADER_LEN;

pub use crate::crl::LIST_TYPE_FIRST_GEN;

pub use crate::crl::RECORD_TYPE_CONTENT_CERTIFICATE_ID;

pub use crate::crl::RECORD_TYPE_MANAGED_COPY_SERVER_ID;

pub use crate::crl::RECORD_TYPE_RMRR_PART_1;

pub use crate::crl::RECORD_TYPE_RMRR_PART_2;

pub use crate::crl::RECORD_TYPE_RMRR_PART_3;

pub use crate::crl::REVOCATION_RECORD_LEN;

pub use crate::crl::SEGMENT_1_SIZE_MAX;

pub use crate::crl::SEGMENT_SIGNATURE_LEN;

pub use crate::ec::Fp;

pub use crate::ec::Point;

pub use crate::ec::U160;

pub use crate::ecdsa::sign;

pub use crate::ecdsa::sign_with_k;

pub use crate::ecdsa::verify;

pub use crate::ecdsa::Signature;

pub use crate::error::AacsError;

pub use crate::keydb::DeviceKeyRecord;

pub use crate::keydb::DiscRecords;

pub use crate::keydb::DriveCertRecord;

pub use crate::keydb::HostCertRecord;

pub use crate::keydb::KeyDb;

pub use crate::keydb::KeyDbEntry;

pub use crate::keydb::ParseReport;

pub use crate::keydb::ProcessingKey;

pub use crate::keydb::SkippedLine;

pub use crate::mkb::Mkb;

pub use crate::mkb::MkbType;

pub use crate::mkb::RevocationEntry;

pub use crate::mkb::RevocationSignatureBlock;

pub use crate::mkb::SubsetDifferenceEntry;

pub use crate::mmc::build_send_disc_structure_write_data_key;

pub use crate::mmc::build_send_key_host_cert_chal;

pub use crate::mmc::build_send_key_host_key;

pub use crate::mmc::parse_bus_encryption_sector_extents_response;

pub use crate::mmc::parse_data_keys_response;

pub use crate::mmc::parse_media_id_response;

pub use crate::mmc::parse_media_serial_response;

pub use crate::mmc::parse_mkb_pack_response;

pub use crate::mmc::parse_report_key_agid;

pub use crate::mmc::parse_report_key_binding_nonce;

pub use crate::mmc::parse_report_key_drive_cert;

pub use crate::mmc::parse_report_key_drive_cert_chal;

pub use crate::mmc::parse_report_key_drive_key;

pub use crate::mmc::parse_send_disc_structure_write_data_key;

pub use crate::mmc::parse_send_key_host_cert_chal;

pub use crate::mmc::parse_send_key_host_key;

pub use crate::mmc::parse_volume_id_response;

pub use crate::mmc::AgidResponse;

pub use crate::mmc::BindingNonceResponse;

pub use crate::mmc::BusEncryptionSectorExtent;

pub use crate::mmc::BusEncryptionSectorExtentsResponse;

pub use crate::mmc::DataDirection;

pub use crate::mmc::DataKeysResponse;

pub use crate::mmc::DriveCertChallengeResponse;

pub use crate::mmc::DriveCertResponse;

pub use crate::mmc::DriveCommand;

pub use crate::mmc::DriveKeyResponse;

pub use crate::mmc::MediaIdentifierResponse;

pub use crate::mmc::MediaSerialNumberResponse;

pub use crate::mmc::MkbPackResponse;

pub use crate::mmc::ReadDiscStructure;

pub use crate::mmc::ReportKey;

pub use crate::mmc::ScsiResponse;

pub use crate::mmc::SendDiscStructure;

pub use crate::mmc::SendKey;

pub use crate::mmc::VolumeIdResponse;

pub use crate::self_check::aacs_la_pub_self_check;

pub use crate::self_check::ake_ecdh_self_check;

pub use crate::self_check::curve_self_check;

pub use crate::subdiff::aes_g3;

pub use crate::subdiff::applies_to_device;

pub use crate::subdiff::apply_key_conversion_data;

pub use crate::subdiff::derive_processing_key;

pub use crate::subdiff::SubsetDifference;

pub use crate::unit_key::CpsUnitRecord;

pub use crate::unit_key::UnitKeyFile;

pub use crate::unit_key::UnitKeyFileHeader;

pub use crate::volume::AacsVolume;

pub use crate::volume::CpsUnit;

pub use crate::volume::DeviceKey;

pub use crate::volume::TitleKey;

pub use crate::vuk::derive_vuk;

pub use crate::vuk::Vuk;

Modules

aes

AES-based cryptographic primitives used by AACS.

ake

Phase C — Drive-Host Authentication & Key Exchange (AKE).

cht

Content Hash Table (CHT) parsing and per-Hash-Unit integrity verification per BD-Prerecorded Final 0.953 §2.3.

content

AACS content scrambling on the Aligned Unit per BD-Prerecorded spec §3.10.

content_certificate

Signed Content Certificate parse and verification per AACS Pre-recorded Video Book §2.4 / §2.5 / §2.6, with the BD-Prerecorded Final 0.953 Format-Specific Section per BD-Prerecorded Table 2-1 decoded out.

crl

Content Revocation List (CRL) parse, per-segment ECDSA verify, and revocation-record lookup per AACS Pre-recorded Video Book Final 0.953 §2.7 (Tables 2-2 / 2-3 / 2-4 / 2-5).

ec

Phase C — elliptic-curve arithmetic over the AACS 160-bit curve.

ecdsa

Phase C — ECDSA over the AACS 160-bit curve (AACS_Sign / AACS_Verify).

error

Error type for the crate.

keydb

KEYDB.cfg parser — the de-facto community AACS key-material database file format described in docs/container/aacs/keydb-cfg-format.md.

mkb

Media Key Block parser per Common spec §3.2.5.

mmc

Phase B — SCSI MMC drive command layer.

self_check

Round 211 — AACS Drive-Host AKE elliptic-curve round-trip self-checks.

subdiff

AACS Subset-Difference broadcast-encryption tree walk (Common spec §3.2.1 — §3.2.4).

unit_key

Unit_Key_RO.inf parser per BD-Prerecorded spec §3.9.3.

volume

Disc-level integration: walk an AACS/ directory, parse the MKB + Unit_Key_RO.inf, and expose the per-CPS-Unit decryption surface.

vuk

Volume Unique Key derivation per BD-Prerecorded spec §3.3.

Type Aliases

Result

Result alias used throughout the crate.