HDCP Encryption/Decryption Code Released

← Back to Stories (view on slashdot.org)

HDCP Encryption/Decryption Code Released

Posted by timothy on Wednesday September 29, 2010 @12:06AM from the didn't-take-long dept.

rtj writes "We have released an open-source (BSD licensed) implementation of the HDCP encryption/decryption algorithms. The code includes the block cipher, stream cipher, and hashing algorithms necessary to perform an HDCP handshake and to encrypt or decrypt video. The code passes the test vectors provided in the HDCP specification and can encrypt video at a rate of about 180 640x480 frames/second on a 2.33GHz Intel Xeon CPU. This isn't quite fast enough to decrypt 1080p content in real-time on a single core, but decryption can be parallelized across multiple cores. There are also many opportunities for further optimisation, such as using SSE instructions. We are releasing the code in hopes that others will further optimize it and use it in their HDCP-related projects."

27 of 225 comments (clear)

Min score:

Reason:

Sort:

No hardware? by gtvr · 2010-09-29 00:12 · Score: 3, Interesting

So does this negate Intel's statement that you can only do this if you build a chip with the code in it?
1. Re:No hardware? by Mathinker · 2010-09-29 00:18 · Score: 5, Informative
  
  Intel's statement had to do with the security of the use case of HDCP: digital video encrypted with HDCP being transported over HDMI cables. In other words, the hardware Intel claims is required, is specialized hardware which interfaces with HDMI ports. This software implementation is not interesting for cracking encrypted video if it cannot communicate with the Blu-Ray or other media player in question in a way which tricks the media player into thinking that the computer running the software is a certified display device.
2. Re:No hardware? by jamesh · 2010-09-29 00:31 · Score: 4, Insightful
  
  NEVER underestimate a determined hacker.
  Especially one who's been told it can't be done.
3. Re:No hardware? by norpy · 2010-09-29 00:34 · Score: 5, Informative
  
  Errrrr the point of this software is to perform the handshake which authenticates it as a legitimate source or sink device. The master key also allows you to simply generate a NEW device key if the one you are using happens to get blacklisted by a firmware update.
  
  The reason this is useful is not for bluray, it is for first-run broadcast content.
4. Re:No hardware? by icebraining · 2010-09-29 00:42 · Score: 3, Informative
  
  But the sink keys they used could be banned, no? Having the master key means you can't ban them, because you can generate any possible key.
  
  --
  Dilbert RSS feed
5. Re:No hardware? by KiloByte · 2010-09-29 01:03 · Score: 4, Interesting
  
  In other words, the HDCP hardware decryptor is more powerful than the main CPU. Even with the specialized-vs-generic advantage, just think about the power wasted encrypting/decrypting it for no reason but letting the cartel control the market market and the complexity of the electronics you have to buy with your own money.
  Every HDCP device should be slapped with a huge carbon and recycling tax -- with an extra punitive rate, since the waste is introduced intentionally.
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
6. Re:No hardware? by blincoln · 2010-09-29 01:09 · Score: 4, Interesting
  
  In other words, the HDCP hardware decryptor is more powerful than the main CPU.
  I'm pretty sure it's not, given that the $50 video card I bought last week to run a second monitor at work has an HDMI port on it. If the chip were that powerful, it would be too expensive to put on a card that cheap.
  I'm sure this is just a case where specialized hardware is able to accomplish the task a lot more quickly than the first version of some software running on a general-purpose CPU.
  
  --
  "...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
7. Re:No hardware? by Goaway · 2010-09-29 01:20 · Score: 3, Informative
  
  In theory they could be banned, but in practice, due to sloppy distribution of keys, they can't ban them without breaking too many innocent devices, so they haven't.
8. Re:No hardware? by Andy+Dodd · 2010-09-29 01:24 · Score: 5, Insightful
  
  I think you greatly underestimate the advantage an ASIC has over a general purpose CPU (even the latest Intel CPUs with AES-NI) when it comes to crypto.
  How about you RTFA:
  "The HDCP cipher is designed to be efficient when implemented in hardware, but it is terribly inefficient in software, primarily because it makes extensive use of bit operations. Our implementation uses bit-slicing to achieve high speeds by exploiting bit-level parallelism. We have created a few high-level routines to make it as easy as possible to implement HDCP, as shown in the following example. "
  
  --
  retrorocket.o not found, launch anyway?
9. Re:No hardware? by Iphtashu+Fitz · 2010-09-29 01:34 · Score: 4, Insightful
  
  In other words, the HDCP hardware decryptor is more powerful than the main CPU.
  Um. No. Not at all. CPU's are highly generalized computational engines. A CPU's instruction set contains every instruction needed to perform every operation by a computer, including I/O to peripheral busses, etc. A GPU is a highly specialized processor designed to complement a CPU and offload graphics-specific computations that requires a large number of high speed mathematical computations. It's only purpose is to take data from the CPU and render it quickly for a display. The functionality of a GPU can be implemented in a CPU, although with a huge degradation in performance. The functionality of a CPU can not be implemented in a GPU.
  In summary:
  1. A CPU is the brain of the computer and the GPU is only meant to complement it.
  2. GPU's are specialized and cannot replace the function of a CPU.
  3. CPU's can perform the functions of a GPU but at a much slower speed.
  Every HDCP device should be slapped with a huge carbon and recycling tax -- with an extra punitive rate, since the waste is introduced intentionally.
  What a crock. Thanks to technologies like CUDA you can write your own programs that leverage the GPU's in your existing video cards. It's likely only a matter of time before you start to see GPU-based implementations of this code, which means the nVidia or ATI card in your existing PC could easily decrypt HDCP content in real-time. So are you willing to pay excessive taxes for the video card in your PC? When implemented in existing DVI & HDMI chipsets, HDCP really doesn't require all that much more physical overhead, certainly not enough to justify an absurd carbon tax. Highly specialized hardware like that is significantly more efficient than even the GPU in your PC.
10. Re:No hardware? by Amouth · 2010-09-29 01:52 · Score: 3, Informative
  
  even in theory they couldn't be banned because they have the master key - meaning they can create any and all keys on the fly and at will - the only way to "ban" them would be to not use HDCP and use something else..
  
  --
  '...if only "Jumping to a Conclusion" was an event in the Olympics.'
11. Re:No hardware? by KiloByte · 2010-09-29 02:13 · Score: 4, Insightful
  
  This is the "specialized-vs-generic advantage" I mentioned. You do waste a lot less power, but you still do waste it for no gain whatsoever.
  A parable: a crazy dictator ordered his workers to make a huge earth mound and then to level it, with nothing but shovels. Another dictator ordered his troops to make a mound of the same size and then level it, but this time he granted them heavy machinery. Which dictator uses his people better?
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
12. Re:No hardware? by SharpFang · 2010-09-29 02:14 · Score: 3, Informative
  
  This.
  Simple bit operations are vastly faster when implemented in silicon.
  Think of it. A simple "&" is 8 logic gates in silicon. In CPU it's a fetch value into register, reroute ALU to the bit-and operation, route source to source registers, target to target registers, select word sizes, perform the operation, fill the flag register in...
  Or take something else. Reverse order of bits in a word. First is last, last is first. A very common operation, and if I recall correctly, essential in FFT.
  
  i = (i & 0x55555555) << 1 | (i & 0xaaaaaaaa) >> 1; i = (i & 0x33333333) << 2 | (i & 0xcccccccc) >> 2; i = (i & 0x0f0f0f0f) << 4 | (i & 0xf0f0f0f0) >> 4; i = (i & 0x00ff00ff) << 8 | (i & 0xff00ff00) >> 8; i = (i & 0x0000ffff) << 16 | (i & 0xffff0000) >> 16;
  
  How many CPU cycles would that be...?
  Now in silicon, it takes 0 transistors. You just connect first input pin directly to last output pin, second to second-to-last and so on - "twist the ribbon 180 degrees". Zero cycles, zero transistors, speed - as long as the impulse takes to traverse a featureless path in silicon between the steps before and after this one.
  
  --
  45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
13. Re:No hardware? by somersault · 2010-09-29 02:27 · Score: 3, Insightful
  
  The one with shovels, because it's more entertaining?
  
  --
  which is totally what she said
14. Re:No hardware? by Anonymous Coward · 2010-09-29 03:34 · Score: 3, Insightful
  
  That's a clever argument: these chips do the job much more efficiently than CPUs, therefore they are free.
  "I merely murdered the man; it's not as though I also raped his wife, shot his dog, poisoned his well, and burned the house down. You should let me go."
  It's waste. If it served a useful purpose, perhaps it could be justified. Life is full of tradeoffs and we all value things differently. But in this case, the user payed for two chips (to encrypt and then decrypt) and electricity to run them, and got nothing for it. We're talking absolute zero here, without the faintest iota of mitigation.
  And the user didn't get to shop in a free market where he could avoid this; a cartel made sure that he couldn't watch movies without this unmitigated waste. That is seriously fucked up and a legitimate basis for government action.
15. Re:No hardware? by Panaflex · 2010-09-29 03:48 · Score: 3, Informative
  
  Again, the point being that specialized, dedicated circuits can far outperform software on a predetermined algorithm. HDCP is a subset of the AES cypher, and is pretty heavy on the CPU. I've implemented AES on nVidia's CUDA and it would be difficult to get better then 50MB/sec. A 1080p30 stream should use a little less than 60 MB/sec - so it's going to be work, but considering HDCP is less complicated, it should be doable.
  
  --
  I said no... but I missed and it came out yes.
16. Re:No hardware? by Alphathon · 2010-09-29 03:48 · Score: 3, Informative
  
  HDMI port != HDMI cable. The active hardware has to output audio and be HDCP 1.1 compliant to be HDMI. An HDMI-DVI adapter is not active hardware, but a cable (or dongle; but as far as the tech goes they are the same anyway) so is not subject to the same standards. However, I am fairly certain that such adapters cannot be HDMI certified, therefore cannot display the HDMI logo (but can be labelled as HDMI, since saying that it converts DVI->HDMI or vice versa is not false advertising).
  Now I think about it, I don't know if HDMI outputs are required to have audio, but certainly all inputs are required to accept at least stereo LPCM (which is why HDMI equipped monitors have audio-outs), so I may have got a little muddled up there.
Re:That was quick by Anonymous Coward · 2010-09-29 00:20 · Score: 3, Funny

HDCP is dead.
Netcraft confirms it!
GPU Implementation by Alias14 · 2010-09-29 00:33 · Score: 5, Insightful

I guess the next logical step would be a GPU implementation....
Re:Congrats! by Bert64 · 2010-09-29 00:47 · Score: 4, Interesting

It just means you can't do it in realtime on a 2.5ghz core2... Nothing to stop you dumping the encrypted data somewhere and decrypting it later.
Also consider a 2.5GHz Core2 isn't all that modern, and it doesn't even specify wether this cpu is dual or quad core. With 6, 8 and even 12 core processors available, plus the possibility to parallelize over multiple processors 60fps is quite achievable today.
There is also the possibility of using a GPU to do this.

--
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Transforming the numbers (Re:Congrats!) by Eivind+Eklund · 2010-09-29 01:02 · Score: 3, Informative

Those rates are for a single core. They say that decrypting 1080p is ~7x slower than 640x480, which correspond well to 1080p having 6.75x more pixels.
However, there's no reason for this to be restricted to run on a single core or a single machine. If somebody were to use this for distributing a real time stream (e.g, a sports broadcast) there's no particular reason to not just have each recipient of the stream do their share of the decryption.
Running the number, getting 60 frames of 1080p from the Core 2 requires 5.33 cores, which would correspond to three dual-core machines. This means you can't, with today's machines, just share it with your friend if you both have dual core Core2 machines - but with two friends it should work, assuming enough bandwidth available from each of the friends: 3Gbit/s for the full unencrypted stream, plus 1Gbit/s down for the stream to be decrypted, plus 1Gbit/s up for the part of the stream decrypted on that machine.
You'll also get real time decryption on a single Gulftown CPU: E.g, a Core i7-980X runs 3200MHz and has 6 cores.

--
Doubting the existence of evolution is like doubting the existence of China: It just shows that you're uninformed.
Re:Congrats! by cbope · 2010-09-29 01:06 · Score: 3, Informative

60fps, why? That is 2x real-time, or a bit more than 2x if the source is 24fps. Once they are able to break 30fps decrypting in real-time, this is golden. It's only the first step, but it's an important milestone.
Re:What would be the issues with a hardware versio by mike260 · 2010-09-29 01:48 · Score: 4, Informative

There are already bootleg hardware HDCP strippers on the market. It used to be possible to shut down these devices by revoking their keys, but that's now gone out the window with the master-key leak. Expect the next generation of devices to let you upload new keys to them, or maybe generate new keys themselves.
Software decryption is kinda interesting but you're right, hardware is where it's at.
dencryption consumes 1% of US power by Anonymous Coward · 2010-09-29 02:16 · Score: 3, Interesting

When you watch a DVD or Bluray, the content is decrypted, then encrypted and decrypted again for HDCP.
A significant amount of energy is devoted to protecting the pre-internet business model.
This will only get worse over time, as media gets larger and media companies more aggressively cling to the old business model.
It took more than 100 years for the world to really adjust to the printing press. I assume at least the same time period for the Internet, before we can have our enlightenment period.
DRM is so costly, it should be forbidden. by wvmarle · 2010-09-29 02:48 · Score: 5, Interesting

DRM must be really really costly. And the bad thing is we're all paying for it - the honest customers even more than the "pirates" against which it is supposed to protect.
When I see how much computing resources it takes just to en/decrypt a stream - OK it's a general purpose processor, not something dedicated - I am thinking of the cost of those resources in all the devices we have. After all your BluRay player has to read the BR disk, decrypt the content, then encrypt it again to an HDCP stream, which is sent over to say a TV, which then decrypts it again to make it a watchable image.
Now if only we wouldn't need that encryption.
BluRay itself is (all but) cracked, that's one decryption step that can be done away with.
HDCP transfer is now done with; that's another two steps of en- and decryption that can go.
That is at least three pieces of beefy hardware. That's three chips that won't come for a few pennies each. That's three chips that will be wasting significant amounts of energy.
Plus of course the huge upfront cost to develop all that: to develop the algorithms, set up the secure key supply, designing the dedicated de/encrypt chips and writing all the software around it to make it work.
And all of us are paying for it. It makes BR players and disks and HDCP compliant hardware more expensive than necessary, it even increases our power bills unnecessary. I really wonder when this madness can come to an end.
I'm waiting... by bjwest · 2010-09-29 04:55 · Score: 3, Insightful

China. Where's my pass-through video card I can put in my MCPC to overlay text and graphics on my TV? I want to feed my TIVO into my MCPC so I can control my own PIP and overlays. I couldn't care less about pirating the stuff myself. If I want a local copy of something, it's already out in the wild - I'll get it that way. I just want to be able to control my media and view what I want how I want.

--

--- Keep the choice with the user..
Re:What would be the issues with a hardware versio by awshidahak · 2010-09-29 06:32 · Score: 3, Interesting

Problem with this: Your other devices will eventually get restrictions on them that only allow a certain number of new devices to be connected to them before they fry. Every new key counts as a new device.