Does anyone know if DVD-ioctls are standardized under Unix? My
impression is that they aren't yet, but if so, any pointers would be
appreciated. I've created a reasonable standard and implementation.
When I get a web page ready in a few days and clean stuff up a bit,
I'll put the patches and stuff there for the following stuff.

I've extended cdrom.h for 3 new DVD-related ioctls, and modified
cdrom.[ch] and ide-cd.[ch] for DVDs (note for ide-cd, if the drive
isn't a DVD device (CD) they will gracefully return EINVAL). They
worked fine before as ATAPI CD devices, but you couldn't do DVD
specific things (naturally).

I've modified cdrom and ide-cd to detect if the drive is a DVD-ROM or
DVD-RAM, and have implemented the following ioctls for DVDs, based on
the recent MMC-2 C/DVD packet command interface:
The DVD_READ_STRUCT lets you obtain info for the following items:

    #define DVD_READ_STRUCT 0x5390 /* read DVD structures */
    #define DVD_REPORT_KEY 0x5391 /* DVD CSS key reporting */
    #define DVD_SEND_KEY 0x5392 /* DVD CSS key sending */

The related unions and structs are also included, and I've implemented
them for ATAPI DVD devices. Also, I've added the sensible error
messages if authentication fails or if you try to read scrambled
sectors. Each of those ioctls has subfunctions, which are given in
the sent union structure.

Now, for Unix DVD players which need to do CSS related authentication
with the drive, I've provided the DVD_REPORT_KEY and DVD_SEND_KEY
ioctls, in addition to the DVD_READ_STRUCT with the
DVD_STRUCT_DISCKEY. These together can be used to create the secure
channel in which a DVD decoding hardware can 1) unlock sectors, and 2)
decrypt the modified DES encrypted MPEG-2 Video streams inside the
system streams. For those of you not familiar with the authentication
process, I'm going to try to work up a web page on Linux DVD soon.

CSS authentication involves a combination of asymmetric encryption to
transfer the symmetric modified DES key, for which the MPEG-2 Video
stream is encoded at manufacturing time in (modified DES). In this
way, the middle man doesn't have to know anything about encryption,
while the data remains protected.

Note these ioctls have absolutely nothing to do with the actual CSS
algorithm, which is something you can only get under NDA (and btw, I
have _no_ interest in seeing CSS `broken' at all). This is just
related to the authentication process, and is somewhat similar to how
Windows does it with the new DirectShow stuff. Basically, a secure
channel is created in which to transfer the disc key (which itself is
secured through encryption). So, with DVD hardware which has a CSS
chip and the DVD drive, you can perform proper authentication. Here
is an example of a failed CSS authentication with a program which uses
these ioctls (of course, I still do not have docs for my C-Cube Ziva
DS on my Creative Encore, so if anyone wants to send me some or a
contact at C-Cube that would be great. I would be willing to go under
NDA if it is the only way):

    Authentication ID 3 granted
    Sending random 80-bit challenge: 675266e0fed440629450
    Received 40-bit authentication key: 22d1a8240d
    Recieved 80-bit challenge: 1bd14b85c06b58773576
    Create 40-bit key 2 (?)
    Sending key 2: 0000000000
    ioctl send key 2: Input/output error

Which results in a log message from ide-cd of:

    kernel: ATAPI device hdc:
    kernel: Error: Illegal request -- (Sense key=0x05)
    kernel: Copy protection key exchange failure (authentication failure) -- (asc=0x6f, ascq=0x00)

Reading of a scramble in this case would yield something like:

    kernel: ATAPI device hdc:
    kernel: Error: Illegal request -- (Sense key=0x05)
    kernel: Read of scrambled sector without authentication -- (asc=0x6f, ascq=0x03)

These ioctls could be implemented easily for SCSI DVD-ROMs, I'm sure.
Any comments or suggestions or help are gracefully accepted.

Andrew
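
The two ide-cd error reports quoted in the post differ only in their ascq value, so they can be told apart mechanically when triaging kernel logs. The following is an added Python example, not part of the original post or its patches: it groups the three-line reports and flags a device that kept issuing reads of scrambled sectors after a failed handshake. The function names, the `kind` labels and the `hdd` record in the sample log are constructed for illustration.

```python
import re
from collections import Counter

DEVICE = re.compile(r"kernel: ATAPI device (\w+):")
SENSE = re.compile(r"kernel: Error: .*\(Sense key=0x([0-9a-fA-F]+)\)")
ASC = re.compile(r"kernel: (.*?) -- \(asc=0x([0-9a-fA-F]+), ascq=0x([0-9a-fA-F]+)\)")

# asc 0x6f sub-codes that appear in the post's log excerpts (labels are assumed names).
CSS_ASCQ = {0x00: "auth_failure", 0x03: "scrambled_read_unauthenticated"}

# Constructed sample: the hdc records mirror the post, the hdd record is invented.
SAMPLE_LOG = """\
kernel: ATAPI device hdc:
kernel: Error: Illegal request -- (Sense key=0x05)
kernel: Copy protection key exchange failure (authentication failure) -- (asc=0x6f, ascq=0x00)
kernel: ATAPI device hdc:
kernel: Error: Illegal request -- (Sense key=0x05)
kernel: Read of scrambled sector without authentication -- (asc=0x6f, ascq=0x03)
kernel: ATAPI device hdd:
kernel: Error: Not ready -- (Sense key=0x02)
kernel: Medium not present -- (asc=0x3a, ascq=0x00)
"""

def parse_events(lines):
    """Group ide-cd's three-line error reports into one dict per event."""
    events, device, sense = [], None, None
    for line in lines:
        if m := DEVICE.search(line):
            device, sense = m.group(1), None
        elif m := SENSE.search(line):
            sense = int(m.group(1), 16)
        elif (m := ASC.search(line)) and device is not None:
            asc, ascq = int(m.group(2), 16), int(m.group(3), 16)
            kind = CSS_ASCQ.get(ascq, "other_copy_protection") if asc == 0x6F else "not_css"
            events.append({"device": device, "sense": sense, "asc": asc,
                           "ascq": ascq, "kind": kind, "text": m.group(1)})
            device = sense = None  # a report is complete once its asc line is seen
    return events

def summarize(events):
    """Per device: counts by kind, and whether a scrambled read followed a failed handshake."""
    out = {}
    for ev in events:
        d = out.setdefault(ev["device"], {"counts": Counter(), "read_after_failed_auth": False})
        if ev["kind"] == "scrambled_read_unauthenticated" and d["counts"]["auth_failure"]:
            d["read_after_failed_auth"] = True
        d["counts"][ev["kind"]] += 1
    return out
```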