2022-08-26 15:44:59 +00:00
|
|
|
|
// Copyright 2017 Google LLC. All rights reserved.
|
2017-02-02 18:28:29 +00:00
|
|
|
|
//
|
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
|
// license that can be found in the LICENSE file or at
|
|
|
|
|
// https://developers.google.com/open-source/licenses/bsd
|
|
|
|
|
|
2023-10-10 23:51:11 +00:00
|
|
|
|
#include <packager/media/crypto/encryption_handler.h>
|
2017-02-02 18:28:29 +00:00
|
|
|
|
|
2017-09-18 23:31:00 +00:00
|
|
|
|
#include <algorithm>
|
2023-10-11 08:49:50 +00:00
|
|
|
|
#include <cstddef>
|
|
|
|
|
#include <cstdint>
|
2017-02-02 18:28:29 +00:00
|
|
|
|
|
2023-10-13 19:42:47 +00:00
|
|
|
|
#include <absl/log/check.h>
|
|
|
|
|
|
|
|
|
|
#include <packager/macros.h>
|
2023-10-10 23:51:11 +00:00
|
|
|
|
#include <packager/media/base/aes_encryptor.h>
|
|
|
|
|
#include <packager/media/base/audio_stream_info.h>
|
|
|
|
|
#include <packager/media/base/common_pssh_generator.h>
|
|
|
|
|
#include <packager/media/base/key_source.h>
|
|
|
|
|
#include <packager/media/base/macros.h>
|
|
|
|
|
#include <packager/media/base/media_sample.h>
|
|
|
|
|
#include <packager/media/base/playready_pssh_generator.h>
|
|
|
|
|
#include <packager/media/base/protection_system_ids.h>
|
|
|
|
|
#include <packager/media/base/video_stream_info.h>
|
|
|
|
|
#include <packager/media/base/widevine_pssh_generator.h>
|
|
|
|
|
#include <packager/media/crypto/aes_encryptor_factory.h>
|
|
|
|
|
#include <packager/media/crypto/subsample_generator.h>
|
|
|
|
|
#include <packager/status/status_macros.h>
|
2017-02-02 18:28:29 +00:00
|
|
|
|
|
|
|
|
|
namespace shaka {
|
|
|
|
|
namespace media {
|
|
|
|
|
|
|
|
|
|
namespace {
|
2017-09-12 17:24:24 +00:00
|
|
|
|
// The encryption handler only supports a single output.
|
|
|
|
|
const size_t kStreamIndex = 0;
|
|
|
|
|
|
2018-08-20 22:45:02 +00:00
|
|
|
|
// The default KID, KEY and IV for key rotation are all 0s.
|
|
|
|
|
// They are placeholders and are not really being used to encrypt data.
|
2017-03-11 02:48:04 +00:00
|
|
|
|
const uint8_t kKeyRotationDefaultKeyId[] = {
|
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
|
};
|
2018-08-20 22:45:02 +00:00
|
|
|
|
const uint8_t kKeyRotationDefaultKey[] = {
|
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
|
};
|
|
|
|
|
const uint8_t kKeyRotationDefaultIv[] = {
|
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
|
};
|
2017-03-11 02:48:04 +00:00
|
|
|
|
|
2017-06-13 21:54:12 +00:00
|
|
|
|
std::string GetStreamLabelForEncryption(
|
2017-05-22 20:31:41 +00:00
|
|
|
|
const StreamInfo& stream_info,
|
|
|
|
|
const std::function<std::string(
|
|
|
|
|
const EncryptionParams::EncryptedStreamAttributes& stream_attributes)>&
|
|
|
|
|
stream_label_func) {
|
|
|
|
|
EncryptionParams::EncryptedStreamAttributes stream_attributes;
|
|
|
|
|
if (stream_info.stream_type() == kStreamAudio) {
|
|
|
|
|
stream_attributes.stream_type =
|
|
|
|
|
EncryptionParams::EncryptedStreamAttributes::kAudio;
|
|
|
|
|
} else if (stream_info.stream_type() == kStreamVideo) {
|
|
|
|
|
const VideoStreamInfo& video_stream_info =
|
|
|
|
|
static_cast<const VideoStreamInfo&>(stream_info);
|
|
|
|
|
stream_attributes.stream_type =
|
|
|
|
|
EncryptionParams::EncryptedStreamAttributes::kVideo;
|
|
|
|
|
stream_attributes.oneof.video.width = video_stream_info.width();
|
|
|
|
|
stream_attributes.oneof.video.height = video_stream_info.height();
|
2017-02-02 18:28:29 +00:00
|
|
|
|
}
|
2017-06-13 21:54:12 +00:00
|
|
|
|
return stream_label_func(stream_attributes);
|
2017-02-02 18:28:29 +00:00
|
|
|
|
}
|
2018-10-04 20:24:21 +00:00
|
|
|
|
|
|
|
|
|
bool IsPatternEncryptionScheme(FourCC protection_scheme) {
|
|
|
|
|
return protection_scheme == kAppleSampleAesProtectionScheme ||
|
|
|
|
|
protection_scheme == FOURCC_cbcs || protection_scheme == FOURCC_cens;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-01 22:26:31 +00:00
|
|
|
|
void FillPsshGenerators(
|
|
|
|
|
const EncryptionParams& encryption_params,
|
|
|
|
|
std::vector<std::unique_ptr<PsshGenerator>>* pssh_generators,
|
|
|
|
|
std::vector<std::vector<uint8_t>>* no_pssh_systems) {
|
|
|
|
|
if (has_flag(encryption_params.protection_systems,
|
|
|
|
|
ProtectionSystem::kCommon)) {
|
|
|
|
|
pssh_generators->emplace_back(new CommonPsshGenerator());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (has_flag(encryption_params.protection_systems,
|
|
|
|
|
ProtectionSystem::kPlayReady)) {
|
|
|
|
|
pssh_generators->emplace_back(new PlayReadyPsshGenerator(
|
2020-06-09 20:50:55 +00:00
|
|
|
|
encryption_params.playready_extra_header_data,
|
2020-06-01 22:26:31 +00:00
|
|
|
|
static_cast<FourCC>(encryption_params.protection_scheme)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (has_flag(encryption_params.protection_systems,
|
|
|
|
|
ProtectionSystem::kWidevine)) {
|
|
|
|
|
pssh_generators->emplace_back(new WidevinePsshGenerator(
|
|
|
|
|
static_cast<FourCC>(encryption_params.protection_scheme)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (has_flag(encryption_params.protection_systems,
|
|
|
|
|
ProtectionSystem::kFairPlay)) {
|
|
|
|
|
no_pssh_systems->emplace_back(std::begin(kFairPlaySystemId),
|
|
|
|
|
std::end(kFairPlaySystemId));
|
|
|
|
|
}
|
|
|
|
|
// We only support Marlin Adaptive Streaming Specification – Simple Profile
|
|
|
|
|
// with Implicit Content ID Mapping, which does not need a PSSH. Marlin
|
|
|
|
|
// specific PSSH with Explicit Content ID Mapping is not generated.
|
|
|
|
|
if (has_flag(encryption_params.protection_systems,
|
|
|
|
|
ProtectionSystem::kMarlin)) {
|
|
|
|
|
no_pssh_systems->emplace_back(std::begin(kMarlinSystemId),
|
|
|
|
|
std::end(kMarlinSystemId));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pssh_generators->empty() && no_pssh_systems->empty() &&
|
|
|
|
|
(encryption_params.key_provider != KeyProvider::kRawKey ||
|
|
|
|
|
encryption_params.raw_key.pssh.empty())) {
|
|
|
|
|
pssh_generators->emplace_back(new CommonPsshGenerator());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void AddProtectionSystemIfNotExist(
|
|
|
|
|
const ProtectionSystemSpecificInfo& pssh_info,
|
|
|
|
|
EncryptionConfig* encryption_config) {
|
|
|
|
|
for (const auto& info : encryption_config->key_system_info) {
|
|
|
|
|
if (info.system_id == pssh_info.system_id)
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
encryption_config->key_system_info.push_back(pssh_info);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Status FillProtectionSystemInfo(const EncryptionParams& encryption_params,
|
|
|
|
|
const EncryptionKey& encryption_key,
|
|
|
|
|
EncryptionConfig* encryption_config) {
|
|
|
|
|
// If generating dummy keys for key rotation, don't generate PSSH info.
|
|
|
|
|
if (encryption_key.key_ids.empty())
|
|
|
|
|
return Status::OK;
|
|
|
|
|
|
|
|
|
|
std::vector<std::unique_ptr<PsshGenerator>> pssh_generators;
|
|
|
|
|
std::vector<std::vector<uint8_t>> no_pssh_systems;
|
|
|
|
|
FillPsshGenerators(encryption_params, &pssh_generators, &no_pssh_systems);
|
|
|
|
|
|
|
|
|
|
encryption_config->key_system_info = encryption_key.key_system_info;
|
|
|
|
|
for (const auto& pssh_generator : pssh_generators) {
|
|
|
|
|
const bool support_multiple_keys = pssh_generator->SupportMultipleKeys();
|
|
|
|
|
if (support_multiple_keys) {
|
|
|
|
|
ProtectionSystemSpecificInfo info;
|
|
|
|
|
RETURN_IF_ERROR(pssh_generator->GeneratePsshFromKeyIds(
|
|
|
|
|
encryption_key.key_ids, &info));
|
|
|
|
|
AddProtectionSystemIfNotExist(info, encryption_config);
|
|
|
|
|
} else {
|
|
|
|
|
ProtectionSystemSpecificInfo info;
|
|
|
|
|
RETURN_IF_ERROR(pssh_generator->GeneratePsshFromKeyIdAndKey(
|
|
|
|
|
encryption_key.key_id, encryption_key.key, &info));
|
|
|
|
|
AddProtectionSystemIfNotExist(info, encryption_config);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (const auto& no_pssh_system : no_pssh_systems) {
|
|
|
|
|
ProtectionSystemSpecificInfo info;
|
|
|
|
|
info.system_id = no_pssh_system;
|
|
|
|
|
AddProtectionSystemIfNotExist(info, encryption_config);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Status::OK;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-02 18:28:29 +00:00
|
|
|
|
} // namespace
|
|
|
|
|
|
2017-07-05 23:47:55 +00:00
|
|
|
|
EncryptionHandler::EncryptionHandler(const EncryptionParams& encryption_params,
|
|
|
|
|
KeySource* key_source)
|
|
|
|
|
: encryption_params_(encryption_params),
|
|
|
|
|
protection_scheme_(
|
|
|
|
|
static_cast<FourCC>(encryption_params.protection_scheme)),
|
2018-10-04 20:24:21 +00:00
|
|
|
|
key_source_(key_source),
|
2018-10-02 23:08:32 +00:00
|
|
|
|
subsample_generator_(
|
|
|
|
|
new SubsampleGenerator(encryption_params.vp9_subsample_encryption)),
|
2018-10-04 20:24:21 +00:00
|
|
|
|
encryptor_factory_(new AesEncryptorFactory) {}
|
2017-02-02 18:28:29 +00:00
|
|
|
|
|
2018-10-04 20:24:21 +00:00
|
|
|
|
EncryptionHandler::~EncryptionHandler() = default;
|
2017-02-02 18:28:29 +00:00
|
|
|
|
|
|
|
|
|
Status EncryptionHandler::InitializeInternal() {
|
2017-07-05 23:47:55 +00:00
|
|
|
|
if (!encryption_params_.stream_label_func) {
|
2017-05-22 20:31:41 +00:00
|
|
|
|
return Status(error::INVALID_ARGUMENT, "Stream label function not set.");
|
|
|
|
|
}
|
2017-02-02 18:28:29 +00:00
|
|
|
|
if (num_input_streams() != 1 || next_output_stream_index() != 1) {
|
|
|
|
|
return Status(error::INVALID_ARGUMENT,
|
|
|
|
|
"Expects exactly one input and output.");
|
|
|
|
|
}
|
|
|
|
|
return Status::OK;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Status EncryptionHandler::Process(std::unique_ptr<StreamData> stream_data) {
|
|
|
|
|
switch (stream_data->stream_data_type) {
|
|
|
|
|
case StreamDataType::kStreamInfo:
|
2017-09-12 17:24:24 +00:00
|
|
|
|
return ProcessStreamInfo(*stream_data->stream_info);
|
2017-03-11 02:48:04 +00:00
|
|
|
|
case StreamDataType::kSegmentInfo: {
|
2017-09-12 17:24:24 +00:00
|
|
|
|
std::shared_ptr<SegmentInfo> segment_info(new SegmentInfo(
|
|
|
|
|
*stream_data->segment_info));
|
|
|
|
|
|
2017-03-11 02:48:04 +00:00
|
|
|
|
segment_info->is_encrypted = remaining_clear_lead_ <= 0;
|
|
|
|
|
|
|
|
|
|
const bool key_rotation_enabled = crypto_period_duration_ != 0;
|
|
|
|
|
if (key_rotation_enabled)
|
|
|
|
|
segment_info->key_rotation_encryption_config = encryption_config_;
|
|
|
|
|
if (!segment_info->is_subsegment) {
|
|
|
|
|
if (key_rotation_enabled)
|
|
|
|
|
check_new_crypto_period_ = true;
|
Implement ChunkingHandler
This handler is a multi-in multi-out handler. If more than one input is
provided, there should be one and only one video stream; also, all inputs
should come from the same thread and are synchronized.
There can be multiple chunking handler running in different threads or even
different processes, we use the "consistent chunking algorithm" to make sure
the chunks in different streams are aligned without explicit communcating
with each other - which is not efficient and often difficult.
Consistent Chunking Algorithm:
1. Find the consistent chunkable boundary
Let the timestamps for video frames be (t1, t2, t3, ...). Then a
consistent chunkable boundary is simply the first chunkable boundary after
(tk / N) != (tk-1 / N), where '/' denotes integer division, and N is the
intended chunk duration.
2. Chunk only at the consistent chunkable boundary
This algorithm will make sure the chunks from different video streams are
aligned if they have aligned GoPs. However, this algorithm will only work
for video streams. To be able to chunk non video streams at similar
positions as video streams, ChunkingHandler is designed to accept one video
input and multiple non video inputs, the non video inputs are chunked when
the video input is chunked. If the inputs are synchronized - which is true
if the inputs come from the same demuxer, the video and non video chunks
are aligned.
Change-Id: Id3bad51ab14f311efdb8713b6cd36d36cf9e4639
2017-02-07 18:58:47 +00:00
|
|
|
|
if (remaining_clear_lead_ > 0)
|
2017-03-11 02:48:04 +00:00
|
|
|
|
remaining_clear_lead_ -= segment_info->duration;
|
Implement ChunkingHandler
This handler is a multi-in multi-out handler. If more than one input is
provided, there should be one and only one video stream; also, all inputs
should come from the same thread and are synchronized.
There can be multiple chunking handler running in different threads or even
different processes, we use the "consistent chunking algorithm" to make sure
the chunks in different streams are aligned without explicit communcating
with each other - which is not efficient and often difficult.
Consistent Chunking Algorithm:
1. Find the consistent chunkable boundary
Let the timestamps for video frames be (t1, t2, t3, ...). Then a
consistent chunkable boundary is simply the first chunkable boundary after
(tk / N) != (tk-1 / N), where '/' denotes integer division, and N is the
intended chunk duration.
2. Chunk only at the consistent chunkable boundary
This algorithm will make sure the chunks from different video streams are
aligned if they have aligned GoPs. However, this algorithm will only work
for video streams. To be able to chunk non video streams at similar
positions as video streams, ChunkingHandler is designed to accept one video
input and multiple non video inputs, the non video inputs are chunked when
the video input is chunked. If the inputs are synchronized - which is true
if the inputs come from the same demuxer, the video and non video chunks
are aligned.
Change-Id: Id3bad51ab14f311efdb8713b6cd36d36cf9e4639
2017-02-07 18:58:47 +00:00
|
|
|
|
}
|
2017-09-12 17:24:24 +00:00
|
|
|
|
|
|
|
|
|
return DispatchSegmentInfo(kStreamIndex, segment_info);
|
2017-03-11 02:48:04 +00:00
|
|
|
|
}
|
2017-02-02 18:28:29 +00:00
|
|
|
|
case StreamDataType::kMediaSample:
|
2017-09-12 17:24:24 +00:00
|
|
|
|
return ProcessMediaSample(std::move(stream_data->media_sample));
|
2017-02-02 18:28:29 +00:00
|
|
|
|
default:
|
|
|
|
|
VLOG(3) << "Stream data type "
|
|
|
|
|
<< static_cast<int>(stream_data->stream_data_type) << " ignored.";
|
2017-09-12 17:24:24 +00:00
|
|
|
|
return Dispatch(std::move(stream_data));
|
2017-02-02 18:28:29 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-12 17:24:24 +00:00
|
|
|
|
Status EncryptionHandler::ProcessStreamInfo(const StreamInfo& clear_info) {
|
|
|
|
|
if (clear_info.is_encrypted()) {
|
2017-02-02 18:28:29 +00:00
|
|
|
|
return Status(error::INVALID_ARGUMENT,
|
|
|
|
|
"Input stream is already encrypted.");
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-12 17:24:24 +00:00
|
|
|
|
DCHECK_NE(kStreamUnknown, clear_info.stream_type());
|
|
|
|
|
DCHECK_NE(kStreamText, clear_info.stream_type());
|
|
|
|
|
std::shared_ptr<StreamInfo> stream_info = clear_info.Clone();
|
2018-10-02 23:08:32 +00:00
|
|
|
|
RETURN_IF_ERROR(
|
|
|
|
|
subsample_generator_->Initialize(protection_scheme_, *stream_info));
|
2017-09-12 17:24:24 +00:00
|
|
|
|
|
2017-02-02 18:28:29 +00:00
|
|
|
|
remaining_clear_lead_ =
|
2017-07-05 23:47:55 +00:00
|
|
|
|
encryption_params_.clear_lead_in_seconds * stream_info->time_scale();
|
2017-02-02 18:28:29 +00:00
|
|
|
|
crypto_period_duration_ =
|
2017-07-05 23:47:55 +00:00
|
|
|
|
encryption_params_.crypto_period_duration_in_seconds *
|
2017-02-02 18:28:29 +00:00
|
|
|
|
stream_info->time_scale();
|
2017-03-11 02:48:04 +00:00
|
|
|
|
codec_ = stream_info->codec();
|
2017-06-13 21:54:12 +00:00
|
|
|
|
stream_label_ = GetStreamLabelForEncryption(
|
2017-07-05 23:47:55 +00:00
|
|
|
|
*stream_info, encryption_params_.stream_label_func);
|
2017-02-02 18:28:29 +00:00
|
|
|
|
|
2018-10-02 23:08:32 +00:00
|
|
|
|
SetupProtectionPattern(stream_info->stream_type());
|
2017-03-11 02:48:04 +00:00
|
|
|
|
|
|
|
|
|
EncryptionKey encryption_key;
|
|
|
|
|
const bool key_rotation_enabled = crypto_period_duration_ != 0;
|
|
|
|
|
if (key_rotation_enabled) {
|
|
|
|
|
check_new_crypto_period_ = true;
|
2018-08-20 22:45:02 +00:00
|
|
|
|
// Setup dummy key id, key and iv to signal encryption for key rotation.
|
|
|
|
|
encryption_key.key_id.assign(std::begin(kKeyRotationDefaultKeyId),
|
|
|
|
|
std::end(kKeyRotationDefaultKeyId));
|
|
|
|
|
encryption_key.key.assign(std::begin(kKeyRotationDefaultKey),
|
|
|
|
|
std::end(kKeyRotationDefaultKey));
|
|
|
|
|
encryption_key.iv.assign(std::begin(kKeyRotationDefaultIv),
|
|
|
|
|
std::end(kKeyRotationDefaultIv));
|
2017-02-02 18:28:29 +00:00
|
|
|
|
} else {
|
2018-08-20 22:45:02 +00:00
|
|
|
|
RETURN_IF_ERROR(key_source_->GetKey(stream_label_, &encryption_key));
|
2017-02-02 18:28:29 +00:00
|
|
|
|
}
|
2017-03-11 02:48:04 +00:00
|
|
|
|
if (!CreateEncryptor(encryption_key))
|
|
|
|
|
return Status(error::ENCRYPTION_FAILURE, "Failed to create encryptor");
|
2017-02-02 18:28:29 +00:00
|
|
|
|
|
|
|
|
|
stream_info->set_is_encrypted(true);
|
2017-07-05 23:47:55 +00:00
|
|
|
|
stream_info->set_has_clear_lead(encryption_params_.clear_lead_in_seconds > 0);
|
2017-03-11 02:48:04 +00:00
|
|
|
|
stream_info->set_encryption_config(*encryption_config_);
|
2017-09-12 17:24:24 +00:00
|
|
|
|
|
|
|
|
|
return DispatchStreamInfo(kStreamIndex, stream_info);
|
2017-02-02 18:28:29 +00:00
|
|
|
|
}
|
|
|
|
|
|
2017-09-12 17:24:24 +00:00
|
|
|
|
Status EncryptionHandler::ProcessMediaSample(
|
|
|
|
|
std::shared_ptr<const MediaSample> clear_sample) {
|
|
|
|
|
DCHECK(clear_sample);
|
|
|
|
|
|
2018-10-02 23:08:32 +00:00
|
|
|
|
// Process the frame even if the frame is not encrypted as the next
|
|
|
|
|
// (encrypted) frame may be dependent on this clear frame.
|
|
|
|
|
std::vector<SubsampleEntry> subsamples;
|
|
|
|
|
RETURN_IF_ERROR(subsample_generator_->GenerateSubsamples(
|
|
|
|
|
clear_sample->data(), clear_sample->data_size(), &subsamples));
|
2017-02-02 18:28:29 +00:00
|
|
|
|
|
2017-03-11 02:48:04 +00:00
|
|
|
|
// Need to setup the encryptor for new segments even if this segment does not
|
|
|
|
|
// need to be encrypted, so we can signal encryption metadata earlier to
|
|
|
|
|
// allows clients to prefetch the keys.
|
|
|
|
|
if (check_new_crypto_period_) {
|
2018-07-27 22:50:41 +00:00
|
|
|
|
// |dts| can be negative, e.g. after EditList adjustments. Normalized to 0
|
|
|
|
|
// in that case.
|
|
|
|
|
const int64_t dts = std::max(clear_sample->dts(), static_cast<int64_t>(0));
|
|
|
|
|
const int64_t current_crypto_period_index = dts / crypto_period_duration_;
|
2021-08-04 18:56:44 +00:00
|
|
|
|
const int32_t crypto_period_duration_in_seconds = static_cast<int32_t>(
|
|
|
|
|
encryption_params_.crypto_period_duration_in_seconds);
|
2017-03-11 02:48:04 +00:00
|
|
|
|
if (current_crypto_period_index != prev_crypto_period_index_) {
|
|
|
|
|
EncryptionKey encryption_key;
|
2018-08-20 22:45:02 +00:00
|
|
|
|
RETURN_IF_ERROR(key_source_->GetCryptoPeriodKey(
|
2019-01-24 18:39:54 +00:00
|
|
|
|
current_crypto_period_index, crypto_period_duration_in_seconds,
|
|
|
|
|
stream_label_, &encryption_key));
|
2017-03-11 02:48:04 +00:00
|
|
|
|
if (!CreateEncryptor(encryption_key))
|
|
|
|
|
return Status(error::ENCRYPTION_FAILURE, "Failed to create encryptor");
|
2017-06-20 23:30:03 +00:00
|
|
|
|
prev_crypto_period_index_ = current_crypto_period_index;
|
2017-02-02 18:28:29 +00:00
|
|
|
|
}
|
2017-03-11 02:48:04 +00:00
|
|
|
|
check_new_crypto_period_ = false;
|
2017-02-02 18:28:29 +00:00
|
|
|
|
}
|
|
|
|
|
|
2017-09-12 17:24:24 +00:00
|
|
|
|
// Since there is no encryption needed right now, send the clear copy
|
|
|
|
|
// downstream so we can save the costs of copying it.
|
|
|
|
|
if (remaining_clear_lead_ > 0) {
|
|
|
|
|
return DispatchMediaSample(kStreamIndex, std::move(clear_sample));
|
|
|
|
|
}
|
2017-03-11 02:48:04 +00:00
|
|
|
|
|
2023-07-14 15:19:01 +00:00
|
|
|
|
size_t ciphertext_size =
|
2023-08-31 23:59:46 +00:00
|
|
|
|
encryptor_->RequiredOutputSize(clear_sample->data_size());
|
2023-07-14 15:19:01 +00:00
|
|
|
|
|
|
|
|
|
std::shared_ptr<uint8_t> cipher_sample_data(new uint8_t[ciphertext_size],
|
|
|
|
|
std::default_delete<uint8_t[]>());
|
2017-09-12 17:24:24 +00:00
|
|
|
|
|
2018-10-02 23:08:32 +00:00
|
|
|
|
const uint8_t* source = clear_sample->data();
|
|
|
|
|
uint8_t* dest = cipher_sample_data.get();
|
|
|
|
|
if (!subsamples.empty()) {
|
|
|
|
|
size_t total_size = 0;
|
|
|
|
|
for (const SubsampleEntry& subsample : subsamples) {
|
|
|
|
|
if (subsample.clear_bytes > 0) {
|
2023-07-14 15:19:01 +00:00
|
|
|
|
// clear_bytes is the number of bytes to leave in the clear
|
2018-10-02 23:08:32 +00:00
|
|
|
|
memcpy(dest, source, subsample.clear_bytes);
|
|
|
|
|
source += subsample.clear_bytes;
|
|
|
|
|
dest += subsample.clear_bytes;
|
|
|
|
|
total_size += subsample.clear_bytes;
|
|
|
|
|
}
|
|
|
|
|
if (subsample.cipher_bytes > 0) {
|
2023-07-14 15:19:01 +00:00
|
|
|
|
// cipher_bytes is the number of bytes we want to encrypt
|
|
|
|
|
EncryptBytes(source, subsample.cipher_bytes, dest, ciphertext_size);
|
2018-10-02 23:08:32 +00:00
|
|
|
|
source += subsample.cipher_bytes;
|
|
|
|
|
dest += subsample.cipher_bytes;
|
|
|
|
|
total_size += subsample.cipher_bytes;
|
|
|
|
|
}
|
2017-09-18 23:31:00 +00:00
|
|
|
|
}
|
2018-10-02 23:08:32 +00:00
|
|
|
|
DCHECK_EQ(total_size, clear_sample->data_size());
|
2017-09-18 23:31:00 +00:00
|
|
|
|
} else {
|
2023-07-14 15:19:01 +00:00
|
|
|
|
EncryptBytes(source, clear_sample->data_size(), dest, ciphertext_size);
|
2017-09-12 17:24:24 +00:00
|
|
|
|
}
|
|
|
|
|
|
2018-10-02 23:08:32 +00:00
|
|
|
|
std::shared_ptr<MediaSample> cipher_sample(clear_sample->Clone());
|
2017-09-18 23:31:00 +00:00
|
|
|
|
cipher_sample->TransferData(std::move(cipher_sample_data),
|
|
|
|
|
clear_sample->data_size());
|
2018-10-02 23:08:32 +00:00
|
|
|
|
|
2017-09-12 17:24:24 +00:00
|
|
|
|
// Finish initializing the sample before sending it downstream. We must
|
2017-09-18 23:31:00 +00:00
|
|
|
|
// wait until now to finish the initialization as we will lose access to
|
2017-09-12 17:24:24 +00:00
|
|
|
|
// |decrypt_config| once we set it.
|
|
|
|
|
cipher_sample->set_is_encrypted(true);
|
2018-10-02 23:08:32 +00:00
|
|
|
|
std::unique_ptr<DecryptConfig> decrypt_config(new DecryptConfig(
|
|
|
|
|
encryption_config_->key_id, encryptor_->iv(), subsamples,
|
|
|
|
|
protection_scheme_, crypt_byte_block_, skip_byte_block_));
|
2017-09-12 17:24:24 +00:00
|
|
|
|
cipher_sample->set_decrypt_config(std::move(decrypt_config));
|
|
|
|
|
|
2017-09-18 23:31:00 +00:00
|
|
|
|
encryptor_->UpdateIv();
|
|
|
|
|
|
2017-09-12 17:24:24 +00:00
|
|
|
|
return DispatchMediaSample(kStreamIndex, std::move(cipher_sample));
|
2017-02-02 18:28:29 +00:00
|
|
|
|
}
|
|
|
|
|
|
2018-10-02 23:08:32 +00:00
|
|
|
|
void EncryptionHandler::SetupProtectionPattern(StreamType stream_type) {
|
2018-10-04 20:24:21 +00:00
|
|
|
|
if (stream_type == kStreamVideo &&
|
|
|
|
|
IsPatternEncryptionScheme(protection_scheme_)) {
|
2020-02-10 08:31:45 +00:00
|
|
|
|
crypt_byte_block_ = encryption_params_.crypt_byte_block;
|
|
|
|
|
skip_byte_block_ = encryption_params_.skip_byte_block;
|
2018-10-04 20:24:21 +00:00
|
|
|
|
} else {
|
|
|
|
|
// Audio stream in pattern encryption scheme does not use pattern; it uses
|
|
|
|
|
// whole-block full sample encryption instead. Non-pattern encryption does
|
|
|
|
|
// not have pattern.
|
|
|
|
|
crypt_byte_block_ = 0u;
|
|
|
|
|
skip_byte_block_ = 0u;
|
2017-03-11 02:48:04 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool EncryptionHandler::CreateEncryptor(const EncryptionKey& encryption_key) {
|
2018-10-04 20:24:21 +00:00
|
|
|
|
std::unique_ptr<AesCryptor> encryptor = encryptor_factory_->CreateEncryptor(
|
|
|
|
|
protection_scheme_, crypt_byte_block_, skip_byte_block_, codec_,
|
|
|
|
|
encryption_key.key, encryption_key.iv);
|
|
|
|
|
if (!encryptor)
|
|
|
|
|
return false;
|
2017-02-02 18:28:29 +00:00
|
|
|
|
encryptor_ = std::move(encryptor);
|
2017-03-11 02:48:04 +00:00
|
|
|
|
|
|
|
|
|
encryption_config_.reset(new EncryptionConfig);
|
2017-07-05 23:47:55 +00:00
|
|
|
|
encryption_config_->protection_scheme = protection_scheme_;
|
2017-03-11 02:48:04 +00:00
|
|
|
|
encryption_config_->crypt_byte_block = crypt_byte_block_;
|
|
|
|
|
encryption_config_->skip_byte_block = skip_byte_block_;
|
2018-10-04 20:24:21 +00:00
|
|
|
|
|
|
|
|
|
const std::vector<uint8_t>& iv = encryptor_->iv();
|
2017-03-11 02:48:04 +00:00
|
|
|
|
if (encryptor_->use_constant_iv()) {
|
|
|
|
|
encryption_config_->per_sample_iv_size = 0;
|
|
|
|
|
encryption_config_->constant_iv = iv;
|
|
|
|
|
} else {
|
2017-03-22 16:57:18 +00:00
|
|
|
|
encryption_config_->per_sample_iv_size = static_cast<uint8_t>(iv.size());
|
2017-03-11 02:48:04 +00:00
|
|
|
|
}
|
2018-10-04 20:24:21 +00:00
|
|
|
|
|
2017-03-11 02:48:04 +00:00
|
|
|
|
encryption_config_->key_id = encryption_key.key_id;
|
2020-06-01 22:26:31 +00:00
|
|
|
|
const auto status = FillProtectionSystemInfo(
|
|
|
|
|
encryption_params_, encryption_key, encryption_config_.get());
|
|
|
|
|
return status.ok();
|
2017-02-02 18:28:29 +00:00
|
|
|
|
}
|
|
|
|
|
|
2017-09-18 23:31:00 +00:00
|
|
|
|
void EncryptionHandler::EncryptBytes(const uint8_t* source,
|
|
|
|
|
size_t source_size,
|
2023-07-14 15:19:01 +00:00
|
|
|
|
uint8_t* dest,
|
|
|
|
|
size_t dest_size) {
|
2017-09-18 23:31:00 +00:00
|
|
|
|
DCHECK(source);
|
|
|
|
|
DCHECK(dest);
|
2017-02-02 18:28:29 +00:00
|
|
|
|
DCHECK(encryptor_);
|
2023-07-14 15:19:01 +00:00
|
|
|
|
CHECK(encryptor_->Crypt(source, source_size, dest, &dest_size));
|
2017-02-02 18:28:29 +00:00
|
|
|
|
}
|
|
|
|
|
|
2018-10-02 23:08:32 +00:00
|
|
|
|
void EncryptionHandler::InjectSubsampleGeneratorForTesting(
|
|
|
|
|
std::unique_ptr<SubsampleGenerator> generator) {
|
|
|
|
|
subsample_generator_ = std::move(generator);
|
2017-02-02 18:28:29 +00:00
|
|
|
|
}
|
|
|
|
|
|
2018-10-04 20:24:21 +00:00
|
|
|
|
void EncryptionHandler::InjectEncryptorFactoryForTesting(
|
|
|
|
|
std::unique_ptr<AesEncryptorFactory> encryptor_factory) {
|
|
|
|
|
encryptor_factory_ = std::move(encryptor_factory);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-02 18:28:29 +00:00
|
|
|
|
} // namespace media
|
|
|
|
|
} // namespace shaka
|