Skip to content

feat: AES-128 support for FairPlay Streaming compatibility#33

Merged
arkavo-com merged 4 commits intomainfrom
feature/fairplay
Dec 27, 2025
Merged

feat: AES-128 support for FairPlay Streaming compatibility#33
arkavo-com merged 4 commits intomainfrom
feature/fairplay

Conversation

@arkavo-com
Copy link
Contributor

@arkavo-com arkavo-com commented Dec 27, 2025

Summary

Adds configurable AES key size support to TDF Archive encryption, enabling AES-128-GCM for FairPlay Streaming DRM compatibility.

Closes #32

Changes

  • New TDFKeySize enum (.bits128, .bits256) with algorithm string property
  • TDFEncryptionConfiguration now accepts optional keySize parameter (defaults to .bits256)
  • TDFManifestBuilder supports configurable algorithm parameter
  • CLI supports TDF_KEY_SIZE environment variable (128 or 256)
  • 12 new tests for AES-128 encryption/decryption

API Usage

let config = TDFEncryptionConfiguration(
    kas: kasInfo,
    policy: policy,
    keySize: .bits128  // For FairPlay compatibility
)

Backward Compatibility

  • Default remains AES-256-GCM
  • NanoTDF unchanged (requires AES-256 per spec)
  • All existing code works unchanged

Test plan

  • testTDFKeySizeEnum - enum properties correct
  • testAES128KeyGeneration - generates 16-byte keys
  • testAES128EncryptionDecryption - round-trip works
  • testAES128EndToEndEncryption - full TDF workflow
  • testAES128RSAKeyWrapping - key wrapping/unwrapping
  • testManifestBuilderWithAES128 - manifest algorithm string
  • All 32 StandardTDFTests passing

🤖 Generated with Claude Code

arkavo-com and others added 4 commits December 27, 2025 12:35
@arkavo-com @claude
feat: add AES-128 support for FairPlay Streaming compatibility
8ef41d9 
Add configurable key size support to TDF Archive encryption:
- New TDFKeySize enum (.bits128, .bits256) with algorithm string
- TDFEncryptionConfiguration now accepts keySize parameter
- TDFManifestBuilder supports algorithm parameter
- CLI supports TDF_KEY_SIZE environment variable
- 12 new tests for AES-128 encryption/decryption

Default remains AES-256-GCM for backward compatibility.
NanoTDF unchanged (requires AES-256 per spec).

Closes #32

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@arkavo-com @claude
style: fix SwiftFormat lint issues
e9812ca 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@arkavo-com @claude
style: apply swiftformat
6546c2d 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@arkavo-com @claude
fix: use v12 HKDF salt for NanoTDF collection KeyStore decryption
53d7ce3 
- Include KAS public key in collection header for KeyStore lookup
- Update KeyStore.derivePayloadSymmetricKey to use v12 salt
- Update tests to match v12 salt derivation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 27, 2025

Quality Gate Passed Quality Gate passed

Issues
11 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@arkavo-com arkavo-com merged commit 64df974 into main Dec 27, 2025
7 checks passed
@arkavo-com arkavo-com deleted the feature/fairplay branch December 27, 2025 17:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature Request: AES-128 Support for FairPlay Streaming Compatibility

1 participant

@arkavo-com