[FFmpeg-devel] support for reading / writing encrypted MP4 files

Michael Niedermayer michaelni at gmx.at
Mon Dec 14 16:18:28 CET 2015


On Mon, Dec 14, 2015 at 08:25:01AM +0000, Eran Kornblau wrote:
> Hi,
> 
> Bumping up this thread... please let me if you want me to make any additional changes or this can be merged.
> Attaching the patch files again (same ones I sent in my last post)
[...]

> +int ff_mov_cenc_init(MOVMuxCencContext* ctx, uint8_t* encryption_key, int use_subsamples)
> +{
> +    int ret;
> +
> +    ctx->aes_ctr = av_aes_ctr_alloc();
> +    if (!ctx->aes_ctr) {
> +        return AVERROR(ENOMEM);
> +    }
> +
> +    ret = av_aes_ctr_init(ctx->aes_ctr, encryption_key, NULL);

using a random IV value would break any regression tests
see AVFMT_FLAG_BITEXACT


> +    if (ret != 0) {
> +        return ret;
> +    }
> +
> +    ctx->use_subsamples = use_subsamples;
> +
> +    return 0;
> +}
> +
> +void ff_mov_cenc_free(MOVMuxCencContext* ctx)
> +{
> +    av_aes_ctr_free(ctx->aes_ctr);
> +}
[....]
> +
> +static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> +{
> +    AVStream *st;
> +    MOVStreamContext *sc;
> +    size_t auxiliary_info_size;
> +    int ret;
> +
> +    if (c->decryption_key_len == 0 || c->fc->nb_streams < 1)
> +        return 0;
> +
> +    st = c->fc->streams[c->fc->nb_streams - 1];
> +    sc = st->priv_data;
> +
> +    if (sc->cenc.aes_ctr) {
> +        av_log(c->fc, AV_LOG_ERROR, "duplicate senc atom\n");
> +        return AVERROR_INVALIDDATA;
> +    }
> +
> +    avio_r8(pb); /* version */
> +    sc->cenc.use_subsamples = avio_rb24(pb) & 0x02; /* flags */
> +
> +    avio_rb32(pb);        /* entries */
> +
> +    if (atom.size < 8) {
> +        av_log(c->fc, AV_LOG_ERROR, "senc atom size %"PRId64" too small\n", atom.size);
> +        return AVERROR_INVALIDDATA;
> +    }
> +
> +    /* save the auxiliary info as is */
> +    auxiliary_info_size = atom.size - 8;
> +
> +    sc->cenc.auxiliary_info = av_malloc(auxiliary_info_size);
> +    if (!sc->cenc.auxiliary_info) {
> +        return AVERROR(ENOMEM);
> +    }
> +
> +    sc->cenc.auxiliary_info_end = sc->cenc.auxiliary_info + auxiliary_info_size;
> +
> +    sc->cenc.auxiliary_info_pos = sc->cenc.auxiliary_info;
> +
> +    if (avio_read(pb, sc->cenc.auxiliary_info, auxiliary_info_size) != auxiliary_info_size) {
> +        av_log(c->fc, AV_LOG_ERROR, "failed to read the auxiliary info");
> +        return AVERROR_INVALIDDATA;
> +    }
> +
> +    /* initialize the cipher */
> +    sc->cenc.aes_ctr = av_aes_ctr_alloc();
> +    if (!sc->cenc.aes_ctr) {
> +        return AVERROR(ENOMEM);
> +    }
> +
> +    ret = av_aes_ctr_init(sc->cenc.aes_ctr, c->decryption_key, NULL);

is this filling in a random IV that later is overridden ?
random_seed() can be slow so it would be better not to call it if
its value isnt used

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I have often repented speaking, but never of holding my tongue.
-- Xenocrates
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20151214/0429d988/attachment.sig>


More information about the ffmpeg-devel mailing list