FFmpeg
crypto.c
Go to the documentation of this file.
1 /*
2  * Decryption protocol handler
3  * Copyright (c) 2011 Martin Storsjo
4  *
5  * This file is part of FFmpeg.
6  *
7  * FFmpeg is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * FFmpeg is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with FFmpeg; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20  */
21 
22 #include "libavutil/aes.h"
23 #include "libavutil/avstring.h"
24 #include "libavutil/mem.h"
25 #include "libavutil/opt.h"
26 #include "url.h"
27 
28 // encourage reads of 4096 bytes - 1 block is always retained.
29 #define MAX_BUFFER_BLOCKS 257
30 #define BLOCKSIZE 16
31 
32 typedef struct CryptoContext {
33  const AVClass *class;
37  uint8_t *outptr;
39  int64_t position; // position in file - used in seek
40  int flags;
41  int eof;
42  uint8_t *key;
43  int keylen;
44  uint8_t *iv;
45  int ivlen;
46  uint8_t *decrypt_key;
48  uint8_t *decrypt_iv;
50  uint8_t *encrypt_key;
52  uint8_t *encrypt_iv;
54  struct AVAES *aes_decrypt;
55  struct AVAES *aes_encrypt;
56  uint8_t *write_buf;
57  unsigned int write_buf_size;
58  uint8_t pad[BLOCKSIZE];
59  int pad_len;
61 
62 #define OFFSET(x) offsetof(CryptoContext, x)
63 #define D AV_OPT_FLAG_DECODING_PARAM
64 #define E AV_OPT_FLAG_ENCODING_PARAM
65 static const AVOption crypto_options[] = {
66  {"key", "AES encryption/decryption key", OFFSET(key), AV_OPT_TYPE_BINARY, .flags = D|E },
67  {"iv", "AES encryption/decryption initialization vector", OFFSET(iv), AV_OPT_TYPE_BINARY, .flags = D|E },
68  {"decryption_key", "AES decryption key", OFFSET(decrypt_key), AV_OPT_TYPE_BINARY, .flags = D },
69  {"decryption_iv", "AES decryption initialization vector", OFFSET(decrypt_iv), AV_OPT_TYPE_BINARY, .flags = D },
70  {"encryption_key", "AES encryption key", OFFSET(encrypt_key), AV_OPT_TYPE_BINARY, .flags = E },
71  {"encryption_iv", "AES encryption initialization vector", OFFSET(encrypt_iv), AV_OPT_TYPE_BINARY, .flags = E },
72  { NULL }
73 };
74 
75 static const AVClass crypto_class = {
76  .class_name = "crypto",
77  .item_name = av_default_item_name,
78  .option = crypto_options,
79  .version = LIBAVUTIL_VERSION_INT,
80 };
81 
82 static int set_aes_arg(URLContext *h, uint8_t **buf, int *buf_len,
83  uint8_t *default_buf, int default_buf_len,
84  const char *desc)
85 {
86  if (!*buf_len) {
87  if (!default_buf_len) {
88  av_log(h, AV_LOG_ERROR, "%s not set\n", desc);
89  return AVERROR(EINVAL);
90  } else if (default_buf_len != BLOCKSIZE) {
92  "invalid %s size (%d bytes, block size is %d)\n",
93  desc, default_buf_len, BLOCKSIZE);
94  return AVERROR(EINVAL);
95  }
96  *buf = av_memdup(default_buf, default_buf_len);
97  if (!*buf)
98  return AVERROR(ENOMEM);
99  *buf_len = default_buf_len;
100  } else if (*buf_len != BLOCKSIZE) {
102  "invalid %s size (%d bytes, block size is %d)\n",
103  desc, *buf_len, BLOCKSIZE);
104  return AVERROR(EINVAL);
105  }
106  return 0;
107 }
108 
109 static int crypto_open2(URLContext *h, const char *uri, int flags, AVDictionary **options)
110 {
111  const char *nested_url;
112  int ret = 0;
113  CryptoContext *c = h->priv_data;
114  c->flags = flags;
115 
116  if (!av_strstart(uri, "crypto+", &nested_url) &&
117  !av_strstart(uri, "crypto:", &nested_url)) {
118  av_log(h, AV_LOG_ERROR, "Unsupported url %s\n", uri);
119  ret = AVERROR(EINVAL);
120  goto err;
121  }
122 
123  if (flags & AVIO_FLAG_READ) {
124  if ((ret = set_aes_arg(h, &c->decrypt_key, &c->decrypt_keylen,
125  c->key, c->keylen, "decryption key")) < 0)
126  goto err;
127  if ((ret = set_aes_arg(h, &c->decrypt_iv, &c->decrypt_ivlen,
128  c->iv, c->ivlen, "decryption IV")) < 0)
129  goto err;
130  }
131 
132  if (flags & AVIO_FLAG_WRITE) {
133  if ((ret = set_aes_arg(h, &c->encrypt_key, &c->encrypt_keylen,
134  c->key, c->keylen, "encryption key")) < 0)
135  if (ret < 0)
136  goto err;
137  if ((ret = set_aes_arg(h, &c->encrypt_iv, &c->encrypt_ivlen,
138  c->iv, c->ivlen, "encryption IV")) < 0)
139  goto err;
140  }
141 
142  if ((ret = ffurl_open_whitelist(&c->hd, nested_url, flags,
143  &h->interrupt_callback, options,
144  h->protocol_whitelist, h->protocol_blacklist, h)) < 0) {
145  av_log(h, AV_LOG_ERROR, "Unable to open resource: %s\n", nested_url);
146  goto err;
147  }
148 
149  if (flags & AVIO_FLAG_READ) {
150  c->aes_decrypt = av_aes_alloc();
151  if (!c->aes_decrypt) {
152  ret = AVERROR(ENOMEM);
153  goto err;
154  }
155  ret = av_aes_init(c->aes_decrypt, c->decrypt_key, BLOCKSIZE * 8, 1);
156  if (ret < 0)
157  goto err;
158 
159  // pass back information about the context we openned
160  if (c->hd->is_streamed)
161  h->is_streamed = c->hd->is_streamed;
162  }
163 
164  if (flags & AVIO_FLAG_WRITE) {
165  c->aes_encrypt = av_aes_alloc();
166  if (!c->aes_encrypt) {
167  ret = AVERROR(ENOMEM);
168  goto err;
169  }
170  ret = av_aes_init(c->aes_encrypt, c->encrypt_key, BLOCKSIZE * 8, 0);
171  if (ret < 0)
172  goto err;
173  // for write, we must be streamed
174  // - linear write only for crytpo aes-128-cbc
175  h->is_streamed = 1;
176  }
177 
178 err:
179  return ret;
180 }
181 
182 static int crypto_read(URLContext *h, uint8_t *buf, int size)
183 {
184  CryptoContext *c = h->priv_data;
185  int blocks;
186 retry:
187  if (c->outdata > 0) {
188  size = FFMIN(size, c->outdata);
189  memcpy(buf, c->outptr, size);
190  c->outptr += size;
191  c->outdata -= size;
192  c->position = c->position + size;
193  return size;
194  }
195  // We avoid using the last block until we've found EOF,
196  // since we'll remove PKCS7 padding at the end. So make
197  // sure we've got at least 2 blocks, so we can decrypt
198  // at least one.
199  while (c->indata - c->indata_used < 2*BLOCKSIZE) {
200  int n = ffurl_read(c->hd, c->inbuffer + c->indata,
201  sizeof(c->inbuffer) - c->indata);
202  if (n <= 0) {
203  c->eof = 1;
204  break;
205  }
206  c->indata += n;
207  }
208  blocks = (c->indata - c->indata_used) / BLOCKSIZE;
209  if (!blocks)
210  return AVERROR_EOF;
211  if (!c->eof)
212  blocks--;
213  av_aes_crypt(c->aes_decrypt, c->outbuffer, c->inbuffer + c->indata_used,
214  blocks, c->decrypt_iv, 1);
215  c->outdata = BLOCKSIZE * blocks;
216  c->outptr = c->outbuffer;
217  c->indata_used += BLOCKSIZE * blocks;
218  if (c->indata_used >= sizeof(c->inbuffer)/2) {
219  memmove(c->inbuffer, c->inbuffer + c->indata_used,
220  c->indata - c->indata_used);
221  c->indata -= c->indata_used;
222  c->indata_used = 0;
223  }
224  if (c->eof) {
225  // Remove PKCS7 padding at the end
226  int padding = c->outbuffer[c->outdata - 1];
227  c->outdata -= padding;
228  }
229  goto retry;
230 }
231 
232 static int64_t crypto_seek(URLContext *h, int64_t pos, int whence)
233 {
234  CryptoContext *c = h->priv_data;
235  int64_t block;
236  int64_t newpos;
237 
238  if (c->flags & AVIO_FLAG_WRITE) {
240  "Crypto: seek not supported for write\r\n");
241  /* seems the most appropriate error to return */
242  return AVERROR(ESPIPE);
243  }
244 
245  // reset eof, else we won't read it correctly if we already hit eof.
246  c->eof = 0;
247 
248  switch (whence) {
249  case SEEK_SET:
250  break;
251  case SEEK_CUR:
252  pos = pos + c->position;
253  break;
254  case SEEK_END:
255  newpos = ffurl_seek( c->hd, pos, AVSEEK_SIZE );
256  if (newpos < 0) {
258  "Crypto: seek_end - can't get file size (pos=%"PRId64")\r\n", pos);
259  return newpos;
260  }
261  pos = newpos - pos;
262  break;
263  case AVSEEK_SIZE:
264  return ffurl_seek( c->hd, pos, AVSEEK_SIZE );
265  default:
267  "Crypto: no support for seek where 'whence' is %d\r\n", whence);
268  return AVERROR(EINVAL);
269  }
270 
271  c->outdata = 0;
272  c->indata = 0;
273  c->indata_used = 0;
274  c->outptr = c->outbuffer;
275 
276  // identify the block containing the IV for the
277  // next block we will decrypt
278  block = pos/BLOCKSIZE;
279  if (block == 0) {
280  // restore the iv to the seed one - this is the iv for the FIRST block
281  memcpy( c->decrypt_iv, c->iv, c->ivlen );
282  c->position = 0;
283  } else {
284  // else, go back one block - we will get av_cyrpt to read this block
285  // which it will then store use as the iv.
286  // note that the DECRYPTED result will not be correct,
287  // but will be discarded
288  block--;
289  c->position = (block * BLOCKSIZE);
290  }
291 
292  newpos = ffurl_seek( c->hd, c->position, SEEK_SET );
293  if (newpos < 0) {
295  "Crypto: nested protocol no support for seek or seek failed\n");
296  return newpos;
297  }
298 
299  // read and discard from here up to required position
300  // (which will set the iv correctly to it).
301  if (pos - c->position) {
302  uint8_t buff[BLOCKSIZE*2]; // maximum size of pos-c->position
303  int len = pos - c->position;
304  int res;
305 
306  while (len > 0) {
307  // note: this may not return all the bytes first time
308  res = crypto_read(h, buff, len);
309  if (res < 0)
310  break;
311  len -= res;
312  }
313 
314  // if we did not get all the bytes
315  if (len != 0) {
316  char errbuf[100] = "unknown error";
317  av_strerror(res, errbuf, sizeof(errbuf));
319  "Crypto: discard read did not get all the bytes (%d remain) - read returned (%d)-%s\n",
320  len, res, errbuf);
321  return AVERROR(EINVAL);
322  }
323  }
324 
325  return c->position;
326 }
327 
328 static int crypto_write(URLContext *h, const unsigned char *buf, int size)
329 {
330  CryptoContext *c = h->priv_data;
331  int total_size, blocks, pad_len, out_size;
332  int ret = 0;
333 
334  total_size = size + c->pad_len;
335  pad_len = total_size % BLOCKSIZE;
336  out_size = total_size - pad_len;
337  blocks = out_size / BLOCKSIZE;
338 
339  if (out_size) {
340  av_fast_malloc(&c->write_buf, &c->write_buf_size, out_size);
341 
342  if (!c->write_buf)
343  return AVERROR(ENOMEM);
344 
345  if (c->pad_len) {
346  memcpy(&c->pad[c->pad_len], buf, BLOCKSIZE - c->pad_len);
347  av_aes_crypt(c->aes_encrypt, c->write_buf, c->pad, 1, c->encrypt_iv, 0);
348  blocks--;
349  }
350 
351  av_aes_crypt(c->aes_encrypt,
352  &c->write_buf[c->pad_len ? BLOCKSIZE : 0],
353  &buf[c->pad_len ? BLOCKSIZE - c->pad_len : 0],
354  blocks, c->encrypt_iv, 0);
355 
356  ret = ffurl_write(c->hd, c->write_buf, out_size);
357  if (ret < 0)
358  return ret;
359 
360  memcpy(c->pad, &buf[size - pad_len], pad_len);
361  } else
362  memcpy(&c->pad[c->pad_len], buf, size);
363 
364  c->pad_len = pad_len;
365 
366  return size;
367 }
368 
370 {
371  CryptoContext *c = h->priv_data;
372  int ret = 0;
373 
374  if (c->aes_encrypt) {
375  uint8_t out_buf[BLOCKSIZE];
376  int pad = BLOCKSIZE - c->pad_len;
377 
378  memset(&c->pad[c->pad_len], pad, pad);
379  av_aes_crypt(c->aes_encrypt, out_buf, c->pad, 1, c->encrypt_iv, 0);
380  ret = ffurl_write(c->hd, out_buf, BLOCKSIZE);
381  }
382 
383  ffurl_closep(&c->hd);
384  av_freep(&c->aes_decrypt);
385  av_freep(&c->aes_encrypt);
386  av_freep(&c->write_buf);
387  return ret;
388 }
389 
391  .name = "crypto",
392  .url_open2 = crypto_open2,
393  .url_seek = crypto_seek,
394  .url_read = crypto_read,
395  .url_write = crypto_write,
396  .url_close = crypto_close,
397  .priv_data_size = sizeof(CryptoContext),
398  .priv_data_class = &crypto_class,
400 };
ffurl_seek
static int64_t ffurl_seek(URLContext *h, int64_t pos, int whence)
Change the position that will be used by the next read/write operation on the resource accessed by h.
Definition: url.h:222
av_aes_init
int av_aes_init(AVAES *a, const uint8_t *key, int key_bits, int decrypt)
Initialize an AVAES context.
Definition: aes.c:201
AVERROR
Filter the word “frame” indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample they are references to shared objects When the negotiation mechanism computes the intersection of the formats supported at each end of a all references to both lists are replaced with a reference to the intersection And when a single format is eventually chosen for a link amongst the remaining all references to the list are updated That means that if a filter requires that its input and output have the same format amongst a supported all it has to do is use a reference to the same list of formats query_formats can leave some formats unset and return AVERROR(EAGAIN) to cause the negotiation mechanism toagain later. That can be used by filters with complex requirements to use the format negotiated on one link to set the formats supported on another. Frame references ownership and permissions
opt.h
crypto_write
static int crypto_write(URLContext *h, const unsigned char *buf, int size)
Definition: crypto.c:328
AVERROR_EOF
#define AVERROR_EOF
End of file.
Definition: error.h:57
int64_t
long long int64_t
Definition: coverity.c:34
ffurl_write
static int ffurl_write(URLContext *h, const uint8_t *buf, int size)
Write size bytes from buf to the resource accessed by h.
Definition: url.h:202
out_size
int out_size
Definition: movenc.c:56
CryptoContext::encrypt_ivlen
int encrypt_ivlen
Definition: crypto.c:53
CryptoContext::indata
int indata
Definition: crypto.c:38
AVOption
AVOption.
Definition: opt.h:429
AVSEEK_SIZE
#define AVSEEK_SIZE
ORing this as the "whence" parameter to a seek function causes it to return the filesize without seek...
Definition: avio.h:468
CryptoContext::position
int64_t position
Definition: crypto.c:39
CryptoContext::eof
int eof
Definition: crypto.c:41
AVDictionary
Definition: dict.c:34
OFFSET
#define OFFSET(x)
Definition: crypto.c:62
URLProtocol
Definition: url.h:51
CryptoContext::flags
int flags
Definition: crypto.c:40
av_memdup
void * av_memdup(const void *p, size_t size)
Duplicate a buffer with av_malloc().
Definition: mem.c:304
CryptoContext::indata_used
int indata_used
Definition: crypto.c:38
AV_OPT_TYPE_BINARY
@ AV_OPT_TYPE_BINARY
Underlying C type is a uint8_t* that is either NULL or points to an array allocated with the av_mallo...
Definition: opt.h:286
av_strerror
int av_strerror(int errnum, char *errbuf, size_t errbuf_size)
Put a description of the AVERROR code errnum in errbuf.
Definition: error.c:109
CryptoContext::encrypt_key
uint8_t * encrypt_key
Definition: crypto.c:50
crypto_class
static const AVClass crypto_class
Definition: crypto.c:75
CryptoContext::aes_decrypt
struct AVAES * aes_decrypt
Definition: crypto.c:54
AV_LOG_ERROR
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
Definition: log.h:209
ffurl_open_whitelist
int ffurl_open_whitelist(URLContext **puc, const char *filename, int flags, const AVIOInterruptCB *int_cb, AVDictionary **options, const char *whitelist, const char *blacklist, URLContext *parent)
Create an URLContext for accessing to the resource indicated by url, and open it.
Definition: avio.c:362
CryptoContext::decrypt_iv
uint8_t * decrypt_iv
Definition: crypto.c:48
CryptoContext::encrypt_iv
uint8_t * encrypt_iv
Definition: crypto.c:52
AVIO_FLAG_WRITE
#define AVIO_FLAG_WRITE
write-only
Definition: avio.h:618
CryptoContext
Definition: crypto.c:32
key
const char * key
Definition: hwcontext_opencl.c:189
set_aes_arg
static int set_aes_arg(URLContext *h, uint8_t **buf, int *buf_len, uint8_t *default_buf, int default_buf_len, const char *desc)
Definition: crypto.c:82
CryptoContext::key
uint8_t * key
Definition: crypto.c:42
CryptoContext::hd
URLContext * hd
Definition: crypto.c:34
LIBAVUTIL_VERSION_INT
#define LIBAVUTIL_VERSION_INT
Definition: version.h:85
CryptoContext::decrypt_keylen
int decrypt_keylen
Definition: crypto.c:47
aes.h
AVClass
Describe the class of an AVClass context structure.
Definition: log.h:75
NULL
#define NULL
Definition: coverity.c:32
CryptoContext
@ CryptoContext
Definition: mxf.h:42
av_default_item_name
const char * av_default_item_name(void *ptr)
Return the context name.
Definition: log.c:237
CryptoContext::aes_encrypt
struct AVAES * aes_encrypt
Definition: crypto.c:55
av_aes_crypt
void av_aes_crypt(AVAES *a, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int decrypt)
Encrypt or decrypt a buffer using a previously initialized context.
Definition: aes.c:169
av_aes_alloc
struct AVAES * av_aes_alloc(void)
Allocate an AVAES context.
Definition: aes.c:35
options
Definition: swscale.c:42
CryptoContext::outptr
uint8_t * outptr
Definition: crypto.c:37
CryptoContext::encrypt_keylen
int encrypt_keylen
Definition: crypto.c:51
c
Undefined Behavior In the C some operations are like signed integer dereferencing freed accessing outside allocated Undefined Behavior must not occur in a C it is not safe even if the output of undefined operations is unused The unsafety may seem nit picking but Optimizing compilers have in fact optimized code on the assumption that no undefined Behavior occurs Optimizing code based on wrong assumptions can and has in some cases lead to effects beyond the output of computations The signed integer overflow problem in speed critical code Code which is highly optimized and works with signed integers sometimes has the problem that often the output of the computation does not c
Definition: undefined.txt:32
CryptoContext::decrypt_key
uint8_t * decrypt_key
Definition: crypto.c:46
URL_PROTOCOL_FLAG_NESTED_SCHEME
#define URL_PROTOCOL_FLAG_NESTED_SCHEME
Definition: url.h:32
size
int size
Definition: twinvq_data.h:10344
crypto_open2
static int crypto_open2(URLContext *h, const char *uri, int flags, AVDictionary **options)
Definition: crypto.c:109
URLProtocol::name
const char * name
Definition: url.h:52
CryptoContext::iv
uint8_t * iv
Definition: crypto.c:44
av_strstart
int av_strstart(const char *str, const char *pfx, const char **ptr)
Return non-zero if pfx is a prefix of str.
Definition: avstring.c:36
CryptoContext::inbuffer
uint8_t inbuffer[BLOCKSIZE *MAX_BUFFER_BLOCKS]
Definition: crypto.c:35
CryptoContext::keylen
int keylen
Definition: crypto.c:43
crypto_close
static int crypto_close(URLContext *h)
Definition: crypto.c:369
crypto_options
static const AVOption crypto_options[]
Definition: crypto.c:65
URLContext
Definition: url.h:35
D
#define D
Definition: crypto.c:63
FFMIN
#define FFMIN(a, b)
Definition: macros.h:49
url.h
CryptoContext::ivlen
int ivlen
Definition: crypto.c:45
len
int len
Definition: vorbis_enc_data.h:426
CryptoContext::outdata
int outdata
Definition: crypto.c:38
ffurl_closep
int ffurl_closep(URLContext **hh)
Close the resource accessed by the URLContext h, and free the memory used by it.
Definition: avio.c:588
ret
ret
Definition: filter_design.txt:187
AVClass::class_name
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass...
Definition: log.h:80
AVAES
Definition: aes_internal.h:34
pos
unsigned int pos
Definition: spdifenc.c:414
CryptoContext::decrypt_ivlen
int decrypt_ivlen
Definition: crypto.c:49
CryptoContext::write_buf_size
unsigned int write_buf_size
Definition: crypto.c:57
CryptoContext::outbuffer
uint8_t outbuffer[BLOCKSIZE *MAX_BUFFER_BLOCKS]
Definition: crypto.c:36
E
#define E
Definition: crypto.c:64
crypto_read
static int crypto_read(URLContext *h, uint8_t *buf, int size)
Definition: crypto.c:182
AVIO_FLAG_READ
#define AVIO_FLAG_READ
read-only
Definition: avio.h:617
desc
const char * desc
Definition: libsvtav1.c:79
mem.h
av_freep
#define av_freep(p)
Definition: tableprint_vlc.h:34
av_fast_malloc
void av_fast_malloc(void *ptr, unsigned int *size, size_t min_size)
Allocate a buffer, reusing the given one if large enough.
Definition: mem.c:557
ff_crypto_protocol
const URLProtocol ff_crypto_protocol
Definition: crypto.c:390
flags
#define flags(name, subs,...)
Definition: cbs_av1.c:482
block
The exact code depends on how similar the blocks are and how related they are to the block
Definition: filter_design.txt:207
av_log
#define av_log(a,...)
Definition: tableprint_vlc.h:27
crypto_seek
static int64_t crypto_seek(URLContext *h, int64_t pos, int whence)
Definition: crypto.c:232
h
h
Definition: vp9dsp_template.c:2070
avstring.h
CryptoContext::pad
uint8_t pad[BLOCKSIZE]
Definition: crypto.c:58
CryptoContext::pad_len
int pad_len
Definition: crypto.c:59
BLOCKSIZE
#define BLOCKSIZE
Definition: crypto.c:30
MAX_BUFFER_BLOCKS
#define MAX_BUFFER_BLOCKS
Definition: crypto.c:29
ffurl_read
static int ffurl_read(URLContext *h, uint8_t *buf, int size)
Read up to size bytes from the resource accessed by h, and store the read bytes in buf.
Definition: url.h:181
CryptoContext::write_buf
uint8_t * write_buf
Definition: crypto.c:56