GCM #21
Merged
GCM #21
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CBC, for publication resources, and content-key (this last one is arguably not necessary, but the config option is available in the LCP server)
|
Cross posting from the Go server PR: There are several AES-256 encryptors (I documented this in the README):
|
the content key algorithm (see server readium/readium-lcp-server@7cda4ad )
…of 12 bytes, tag overhead of 16 bytes, and authenticated encryption verification (GHASH HMAC) without additional data. PROBLEM: not sure how to seek for audio/video streaming (partial HTTP byte range request). Need to test, but pretty sure the current block-align algorithm fails, and even if succeeds, auth verif will fail because MAC_AT_END)
network timeout results in authorized license reading, whereas user cancellation abandons the attempt to read the encrypted EPUB
utility function (plus, I disabled code that isn't used, using the existing USE_NET_PROVIDER preprocessor directive)
video/audio streaming, and added key building based on start of data stream, followed by block-level decryption (not working, I get a 4-byte overflow which is exactly CryptoPP::AES::BLOCKSIZE / authentication tag (16 bytes) minus the initialization vector (12 bytes)...not sure why yet.
audio/video streaming (GCM decryption)
12-bytes initialization vector). Videos now play the first milliseconds, but decrypted cypher stream is subsequently totally scrambled.
basic CBC-like initialization vector / key setup (fails)
|
Merging now with non-working AES-256-GCM decryption of partial buffers (HTTP byte range requests). CryptoPP does not seem to implement "seeking" in the pipelining API (pump() etc.) which would make it easy to synchronize the IV / key in order to decode blocks of data at random access locations in the cypher text. TODO (will post a separate issue) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
compiling implementation of AES GCM (needs testing) as alternative to CBC, for publication resources, and content-key (this last one is arguably not necessary, but the config option is available in the LCP server)