def decrypt_openssl(data, passphrase, key_length=32):
if data.startswith(b"Salted__"):
salt = data[len(b"Salted__"):crypto_AES.block_size]
key, iv = evp_bytestokey(passphrase, salt, key_length,
crypto_AES.block_size)
d = crypto_AES.new(key, crypto_AES.MODE_CBC, iv)
out = d.decrypt(data[crypto_AES.block_size:])
return unpad_pkcs5(out)
def decrypt_stream_url(encoded_url):
data = base64.b64decode(encoded_url)
cipher_text = binascii.unhexlify(data[96:])
decryptor = crypto_AES.new(binascii.unhexlify(data[32:96]),
crypto_AES.MODE_CBC,
binascii.unhexlify(data[:32]))
return unpad_pkcs5(decryptor.decrypt(cipher_text)).decode("utf8")
def create_decryptor(self, key, sequence):
if key.method != "AES-128":
raise StreamError("Unable to decrypt cipher {0}", key.method)
if not key.uri:
raise StreamError("Missing URI to decryption key")
if self.key_uri != key.uri:
res = self.session.http.get(key.uri,
exception=StreamError,
retries=self.retries,
**self.reader.request_params)
self.key_data = res.content
self.key_uri = key.uri
iv = key.iv or num_to_iv(sequence)
# Pad IV if needed
iv = b"\x00" * (16 - len(iv)) + iv
return crypto_AES.new(self.key_data, crypto_AES.MODE_CBC, iv)
def create_decryptor(self, key, sequence):
if key.method != "AES-128":
raise StreamError("Unable to decrypt cipher {0}", key.method)
if not key.uri:
raise StreamError("Missing URI to decryption key")
if self.key_uri != key.uri:
new_key_uri = key.uri
if self.user_key_uri is not None:
# Repair a broken key-uri
self.logger.debug("Old key-uri: {0}".format(new_key_uri))
parsed_uri = urlparse(new_key_uri)
new_key_uri = self.user_key_uri
new_data_list = [
(r"@scheme@", "{0}://".format(parsed_uri.scheme)),
(r"@netloc@", parsed_uri.netloc),
(r"@path@", parsed_uri.path),
(r"@query@", "?{0}".format(parsed_uri.query)),
]
for _at_re, _old_data in new_data_list:
new_key_uri = re.sub(_at_re, _old_data, new_key_uri)
self.logger.debug("New key-uri: {0}".format(new_key_uri))
res = self.session.http.get(new_key_uri,
exception=StreamError,
retries=self.retries,
**self.reader.request_params)
self.key_data = res.content
self.key_uri = key.uri
iv = key.iv or num_to_iv(sequence)
# Pad IV if needed
iv = b"\x00" * (16 - len(iv)) + iv
return crypto_AES.new(self.key_data, crypto_AES.MODE_CBC, iv)
def encrypt(data, key, iv):
aesCipher = crypto_AES.new(key, crypto_AES.MODE_CBC, iv)
encrypted_data = aesCipher.encrypt(pkcs7_encode(data, len(key)))
return encrypted_data
def decrypt_data(self, key, iv, data):
decryptor = crypto_AES.new(key, crypto_AES.MODE_CBC, iv)
return decryptor.decrypt(data)
def aes_decrypt(key, ciphertext):
aes = crypto_AES.new(key, crypto_AES.MODE_CBC, crypto_number.long_to_bytes(0, crypto_AES.block_size))
plaintext = aes.decrypt(base64.b64decode(ciphertext))
plaintext = plaintext.strip(b"\0")
return plaintext.decode("utf-8")
def aes_encrypt(key, plaintext):
plaintext = plaintext.encode("utf-8")
aes = crypto_AES.new(key, crypto_AES.MODE_CBC, crypto_number.long_to_bytes(0, crypto_AES.block_size))
if len(plaintext) % crypto_AES.block_size != 0:
plaintext += b"\0" * (crypto_AES.block_size - len(plaintext) % crypto_AES.block_size)
return base64.b64encode(aes.encrypt(plaintext))