Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HLS identity key format added inappropriately #1439

Open
joeyparrish opened this issue Oct 10, 2024 · 4 comments
Open

HLS identity key format added inappropriately #1439

joeyparrish opened this issue Oct 10, 2024 · 4 comments
Assignees
Labels
component: Common DRM System The issue involves the "Common" DRM System component: HLS The issue involves HLS output component: raw key encryption The issue involves raw key encryption settings component: Widevine The issue involves Widevine DRM priority: P0 Broken for everyone; no workaround; urgent

Comments

@joeyparrish
Copy link
Member

System info

Operating System: ChromeOS with Debian container
Shaka Packager Version: v3.2.0 and current main (f07fd0d), but bug may date back to 2020 (665e784 and v2.5.0)

Issue and steps to reproduce the problem

Asking for Widevine only in HLS should not result in the identity key format being added as well. This effectively leaks Widevine content keys.

Discovered while updating and debugging Shaka Streamer test cases.

Packager Command:

packager 'in=tmp1,stream=video,init_segment=output_files/video_144p_108k_h264_init.mp4,segment_template=output_files/video_144p_108k_h264_$Number$.mp4' --quiet --segment_duration 4 --generate_static_live_mpd --mpd_output output_files/dash.mpd --hls_playlist_type VOD --hls_master_playlist_output output_files/hls.m3u8 --enable_widevine_encryption --key_server_url https://license.uat.widevine.com/cenc/getcontentkey/widevine_test --content_id 3FDD22DBF8A7ECB92F071A1A4B1FC7FA --signer widevine_test --aes_signing_key 1ae8ccd0e7985cc0b6203a55855a1034afc252980e970ca90e5202689f947ab9 --aes_signing_iv d58ce954203b7c9a9a9d467f59839249 --protection_scheme cenc --clear_lead 0

What is the expected result?

Something like #EXT-X-KEY:METHOD=SAMPLE-AES-CTR,URI="data:text/plain;base64,AAAAOHBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAABgiED/dItv4p+y5LwcaGksfx/pI49yVmwY=",KEYID=0x2dfddc4a6a7c5136bb68bb314887eed5,KEYFORMATVERSIONS="1",KEYFORMAT="urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed" in the media playlist.

What happens instead?

We also get #EXT-X-KEY:METHOD=SAMPLE-AES-CTR,URI="data:text/plain;base64,Lf3cSmp8UTa7aLsxSIfu1Q==",KEYFORMAT="identity"

<Please attach the input files or email to shaka-packager-issues@google.com.>

This is a 1-second MP4 clip used in the above command, but I expect other inputs might work with the same parameters: tmp1.zip

@joeyparrish joeyparrish added component: HLS The issue involves HLS output priority: P0 Broken for everyone; no workaround; urgent component: Common DRM System The issue involves the "Common" DRM System component: Widevine The issue involves Widevine DRM component: raw key encryption The issue involves raw key encryption settings labels Oct 10, 2024
@joeyparrish joeyparrish self-assigned this Oct 10, 2024
@joeyparrish
Copy link
Member Author

It's not clear to me what this logic was supposed to do in FillPsshGenerators in packager/media/crypto/encryption_handler.cc, but this is where the extra key format gets added to HLS output:

  if (pssh_generators->empty() && no_pssh_systems->empty() &&
      (encryption_params.key_provider != KeyProvider::kRawKey ||
       encryption_params.raw_key.pssh.empty())) {
    pssh_generators->emplace_back(new CommonPsshGenerator());
  }

It was added in f07fd0d, which was supposed to move key logic from one place to another, but there's no equivalent to this logic in the original location AFAICT.

@joeyparrish
Copy link
Member Author

Using old docker images, I have confirmed that this bug was present in the v2.5.0 release, but not in v2.4.3.

@joeyparrish
Copy link
Member Author

Simply removing that stanza doesn't seem to be the right fix. That appears to add the common PSSH to DASH outputs, which is appropriate and doesn't leak the key. But that common PSSH generator translates to the identity key format for HLS, which feels wrong.

@xavierlaffargue
Copy link

xavierlaffargue commented Jan 19, 2025

@joeyparrish Correct me if I've wrong, but I think FillPsshGenerators in encryption_handler.cc should only be called if raw key is used.
And then the common key will not be added.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component: Common DRM System The issue involves the "Common" DRM System component: HLS The issue involves HLS output component: raw key encryption The issue involves raw key encryption settings component: Widevine The issue involves Widevine DRM priority: P0 Broken for everyone; no workaround; urgent
Projects
None yet
Development

No branches or pull requests

2 participants