mbedtls works very differently from BoringSSL, and many changes had to
be made in the details of AES decryption to accomodate this.
Beyond the basic changes required for mbedtls, part of the CTS padding
implementation had to be rewritten. I believe this is because of an
assumption that held for BoringSSL, but not for mbedtls. I was unable to
determine what it was, so I rewrote the CTS decryption using reference
materials. After this, tests passed.
The deterministc PRNG I used with mbedtls in the RSA tests differs
somewhat from the old one, so the expected vectors had to be
regenerated. The old determinstic tests were also disabled, and are now
re-enabled.
Since cryptography is sensitive code, and because there were far more
changes needed here than just updating some headers and utility function
calls, this has been split into its own PR for separate review from the
rest of the media/base porting work.
Issue #1047 (CMake porting)
Issue #346 (absl porting)
The IV was incorrectly updated across samples.
Created a new cryptor SampleAesEc3Cryptor specially for SAMPLE-AES
EC3 encryption / decryption. The new cryptor uses constant-iv, and
makes sure the IV is reset to the initial value at the beginning
of each audio frame and chained across syncframes within the the
audio frame.
Also added E-AC3 end to end test.
Fixes#279
Change-Id: I0aa60c17836daeef5ba433a05e5ff0906191d9ac
- Tracks other than video are protected using whole-block full-sample
encryption as specified in ISO/IEC 23001-7:2016(E) 9.7, which is
equivalent to a pattern of 1:0. This is different to the non pattern
encryption counterparts.
- Also updated the code to allow the existence of other protection
schemes in the original content, which will simply be ignored.
- The internal cryptor used by AesPatternCryptor should not use
constant iv, add a DCHECK for that.
- Optimize AesPatternCryptor handling on the special pattern 1:0.
Change-Id: Idc704e7bc6b347741336f38c6d3620fc19392960
- CBC cryptors should accept IV of size 8 bytes - it will be zero
extended to 16 bytes.
- Fixed iv() not updated problem in AesPatternCryptor.
- Replace kChainAcrossCalls with ConstantIvFlag enum flags.
Change-Id: I3fb4de0e8abbe891e6271e779373ba53f8df660d
- Remove EncryptionMode enums
- Remove AesEncryptor::InitializeWithRandomIv, replaced with
a static function AesCryptor::GenerateRandomIv, which should
be called to generate the iv if the iv is empty.
This change is to prepare support for CBCS and CENS pattern-based
protection schemes.
Issue #77
Change-Id: Icba35089d6e451cbea7ebbf5dd5674079f206390
- Create AesCryptor class as the common base
- AesCryptor::Crypt function will serve as an Encrypt function for
encryptor and a Decrypt function for Decryptor.
Change-Id: Ie91fb14964b5091786705bf510656f40d73af160
Joey Parrish
KongQun Yang