mirror of https://github.com/devine-dl/devine.git
fix(HLS): Decrypt AES-encrypted segments separately
We cannot merge all the encrypted AES-128-CBC (ClearKey) segments and then decrypt them in one go because each segment should be padded to a 16-byte boundary in CBC mode. Since it uses PKCS#5 or #7 style (cant remember which) then the merged file has a 15 in 16 chance to fail the boundary check. And in the 1 in 16 odds that it passes the boundary check, it will not decrypt properly as each segment's padding will be treated as actual data, and not padding.
This commit is contained in:
rlaphoenix
parent
e57d755837
commit
3426fc145f
|
|
@ -387,15 +387,27 @@ class HLS:
|
||||||
elif len(files) != range_len:
|
elif len(files) != range_len:
|
||||||
raise ValueError(f"Missing {range_len - len(files)} segment files for {segment_range}...")
|
raise ValueError(f"Missing {range_len - len(files)} segment files for {segment_range}...")
|
||||||
|
|
||||||
merge(
|
if isinstance(drm, Widevine):
|
||||||
to=merged_path,
|
# with widevine we can merge all segments and decrypt once
|
||||||
via=files,
|
merge(
|
||||||
delete=True,
|
to=merged_path,
|
||||||
include_map_data=True
|
via=files,
|
||||||
)
|
delete=True,
|
||||||
|
include_map_data=True
|
||||||
drm.decrypt(merged_path)
|
)
|
||||||
merged_path.rename(decrypted_path)
|
drm.decrypt(merged_path)
|
||||||
|
merged_path.rename(decrypted_path)
|
||||||
|
else:
|
||||||
|
# with other drm we must decrypt separately and then merge them
|
||||||
|
# for aes this is because each segment likely has 16-byte padding
|
||||||
|
for file in files:
|
||||||
|
drm.decrypt(file)
|
||||||
|
merge(
|
||||||
|
to=merged_path,
|
||||||
|
via=files,
|
||||||
|
delete=True,
|
||||||
|
include_map_data=True
|
||||||
|
)
|
||||||
|
|
||||||
events.emit(
|
events.emit(
|
||||||
events.Types.TRACK_DECRYPTED,
|
events.Types.TRACK_DECRYPTED,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue