[FFmpeg-devel] [RFC] avcodec/avcodec.h: Add encryption info side data

James Almer jamrial at gmail.com
Mon Dec 18 21:56:08 EET 2017


On 12/18/2017 4:52 PM, wm4 wrote:
> On Fri, 15 Dec 2017 14:24:17 -0800
> Jacob Trimble <modmaker-at-google.com at ffmpeg.org> wrote:
> 
>> From a1b2cbcb7da4da69685f8f1299b70b672ce448e3 Mon Sep 17 00:00:00 2001
>> From: Jacob Trimble <modmaker at google.com>
>> Date: Tue, 5 Dec 2017 14:52:22 -0800
>> Subject: [PATCH] avcodec/avcodec.h: Add encryption info side data.
>>
>> This new side-data will contain info on how a packet is encrypted.
>> This allows the app to handle packet decryption.  To allow for a
>> variable number of subsamples, the buffer for the side-data will be
>> allocated to hold both the structure and the array of subsamples.  So
>> the |subsamples| member will point to right after the struct.
>>
>> Signed-off-by: Jacob Trimble <modmaker at google.com>
>> ---
>>  libavcodec/avcodec.h | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 70 insertions(+)
>>
>> diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h
>> index 5db6a81320..ccc89345e8 100644
>> --- a/libavcodec/avcodec.h
>> +++ b/libavcodec/avcodec.h
>> @@ -1112,6 +1112,63 @@ typedef struct AVCPBProperties {
>>      uint64_t vbv_delay;
>>  } AVCPBProperties;
>>  
>> +typedef struct AVPacketSubsampleEncryptionInfo {
>> +    /** The number of bytes that are clear. */
>> +    unsigned int bytes_of_clear_data;
>> +
>> +    /**
>> +     * The number of bytes that are protected.  If using pattern encryption,
>> +     * the pattern applies to only the protected bytes; if not using pattern
>> +     * encryption, all these bytes are encrypted.
>> +     */
>> +    unsigned int bytes_of_protected_data;
>> +} AVPacketSubsampleEncryptionInfo;
>> +
>> +/**
>> + * This describes encryption info for a packet.  This contains frame-specific
>> + * info for how to decrypt the packet before passing it to the decoder.  If this
>> + * side-data is present, then the packet is encrypted.
>> + */
>> +typedef struct AVPacketEncryptionInfo {
>> +    /** The fourcc encryption scheme. */
>> +    uint32_t scheme;
>> +
>> +    /** The ID of the key used to encrypt the packet. */
>> +    uint8_t key_id[16];
>> +
>> +    /** The initialization vector. */
>> +    uint8_t iv[16];
>> +
>> +    /**
>> +     * Only used for pattern encryption.  This is the number of 16-byte blocks
>> +     * that are encrypted.
>> +     */
>> +    unsigned int crypt_byte_block;
>> +
>> +    /**
>> +     * Only used for pattern encryption.  This is the number of 16-byte blocks
>> +     * that are clear.
>> +     */
>> +    unsigned int skip_byte_block;
>> +
>> +    /**
>> +     * The number of sub-samples in this packet.  If 0, then the whole sample
>> +     * is encrypted.
>> +     */
>> +    unsigned int subsample_count;
>> +
>> +    /** The subsample encryption info. */
>> +    AVPacketSubsampleEncryptionInfo *subsamples;
> 
> I don't think this is sane. So far, side data could simply be copied
> with memcpy, and having pointers to non-static data in side data would
> break this completely.

Even more reasons to ditch the current side data API and come up with a
better designed one that can also be reused for packet, frame and
container needs.

> 
>> +} AVPacketEncryptionInfo;
>> +/**
>> + * The size of the side-data for the AV_PKT_DATA_PACKET_ENCRYPTION_INFO type.
>> + * The side-data will contain the AVPacketEncryptionInfo struct followed by
>> + * the subsample array.  The subsamples member should point to after the struct
>> + * so the app can easily access it.
>> + */
>> +#define FF_PACKET_ENCRYPTION_INFO_SIZE(subsample_count) \
>> +    (sizeof(AVPacketEncryptionInfo) + sizeof(AVPacketSubsampleEncryptionInfo) * subsample_count)
>> +
>>  /**
>>   * The decoder will keep a reference to the frame and may reuse it later.
>>   */
>> @@ -1327,6 +1384,19 @@ enum AVPacketSideDataType {
>>       */
>>      AV_PKT_DATA_A53_CC,
>>  
>> +    /**
>> +     * This side data is encryption "initialization data".
>> +     * For MP4 this is the entire 'pssh' box.
>> +     * For WebM this is the key ID.
>> +     */
>> +    AV_PKT_DATA_ENCRYPTION_INIT_DATA,
>> +
>> +    /**
>> +     * This side data is an AVPacketEncryptionInfo structure and contains info
>> +     * about how the packet is encrypted.
>> +     */
>> +    AV_PKT_DATA_PACKET_ENCRYPTION_INFO,
>> +
>>      /**
>>       * The number of side data types.
>>       * This is not part of the public API/ABI in the sense that it may
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 



More information about the ffmpeg-devel mailing list