DASH Media Packaging SDK
 All Classes Namespaces Functions Variables Typedefs Enumerator
encrypting_fragmenter.cc
1 // Copyright 2014 Google Inc. All rights reserved.
2 //
3 // Use of this source code is governed by a BSD-style
4 // license that can be found in the LICENSE file or at
5 // https://developers.google.com/open-source/licenses/bsd
6 
7 #include "packager/media/formats/mp4/encrypting_fragmenter.h"
8 
9 #include <limits>
10 
11 #include "packager/media/base/aes_encryptor.h"
12 #include "packager/media/base/aes_pattern_cryptor.h"
13 #include "packager/media/base/buffer_reader.h"
14 #include "packager/media/base/key_source.h"
15 #include "packager/media/base/media_sample.h"
16 #include "packager/media/filters/nalu_reader.h"
17 #include "packager/media/filters/vp8_parser.h"
18 #include "packager/media/filters/vp9_parser.h"
19 #include "packager/media/formats/mp4/box_definitions.h"
20 
21 namespace edash_packager {
22 namespace media {
23 namespace mp4 {
24 
25 namespace {
26 const size_t kCencBlockSize = 16u;
27 
28 // Adds one or more subsamples to |*subsamples|. This may add more than one
29 // if one of the values overflows the integer in the subsample.
30 void AddSubsamples(uint64_t clear_bytes,
31  uint64_t cipher_bytes,
32  std::vector<SubsampleEntry>* subsamples) {
33  CHECK_LT(cipher_bytes, std::numeric_limits<uint32_t>::max());
34  const uint64_t kUInt16Max = std::numeric_limits<uint16_t>::max();
35  while (clear_bytes > kUInt16Max) {
36  subsamples->push_back(SubsampleEntry(kUInt16Max, 0));
37  clear_bytes -= kUInt16Max;
38  }
39 
40  if (clear_bytes > 0 || cipher_bytes > 0)
41  subsamples->push_back(SubsampleEntry(clear_bytes, cipher_bytes));
42 }
43 
44 VideoCodec GetVideoCodec(const StreamInfo& stream_info) {
45  if (stream_info.stream_type() != kStreamVideo)
46  return kUnknownVideoCodec;
47  const VideoStreamInfo& video_stream_info =
48  static_cast<const VideoStreamInfo&>(stream_info);
49  return video_stream_info.codec();
50 }
51 
52 uint8_t GetNaluLengthSize(const StreamInfo& stream_info) {
53  if (stream_info.stream_type() != kStreamVideo)
54  return 0;
55 
56  const VideoStreamInfo& video_stream_info =
57  static_cast<const VideoStreamInfo&>(stream_info);
58  return video_stream_info.nalu_length_size();
59 }
60 } // namespace
61 
62 EncryptingFragmenter::EncryptingFragmenter(
63  scoped_refptr<StreamInfo> info,
64  TrackFragment* traf,
65  scoped_ptr<EncryptionKey> encryption_key,
66  int64_t clear_time,
67  FourCC protection_scheme,
68  uint8_t crypt_byte_block,
69  uint8_t skip_byte_block)
70  : Fragmenter(traf),
71  info_(info),
72  encryption_key_(encryption_key.Pass()),
73  nalu_length_size_(GetNaluLengthSize(*info)),
74  video_codec_(GetVideoCodec(*info)),
75  clear_time_(clear_time),
76  protection_scheme_(protection_scheme),
77  crypt_byte_block_(crypt_byte_block),
78  skip_byte_block_(skip_byte_block) {
79  DCHECK(encryption_key_);
80  switch (video_codec_) {
81  case kCodecVP8:
82  vpx_parser_.reset(new VP8Parser);
83  break;
84  case kCodecVP9:
85  vpx_parser_.reset(new VP9Parser);
86  break;
87  case kCodecH264:
88  header_parser_.reset(new H264VideoSliceHeaderParser);
89  break;
90  case kCodecHVC1:
91  FALLTHROUGH_INTENDED;
92  case kCodecHEV1:
93  header_parser_.reset(new H265VideoSliceHeaderParser);
94  break;
95  default:
96  if (nalu_length_size_ > 0) {
97  LOG(WARNING) << "Unknown video codec '" << video_codec_
98  << "', whole subsamples will be encrypted.";
99  }
100  }
101 }
102 
103 EncryptingFragmenter::~EncryptingFragmenter() {}
104 
105 Status EncryptingFragmenter::AddSample(scoped_refptr<MediaSample> sample) {
106  DCHECK(sample);
107  if (!fragment_initialized()) {
108  Status status = InitializeFragment(sample->dts());
109  if (!status.ok())
110  return status;
111  }
112  if (encryptor_) {
113  Status status = EncryptSample(sample);
114  if (!status.ok())
115  return status;
116  }
117  return Fragmenter::AddSample(sample);
118 }
119 
120 Status EncryptingFragmenter::InitializeFragment(int64_t first_sample_dts) {
121  Status status = Fragmenter::InitializeFragment(first_sample_dts);
122  if (!status.ok())
123  return status;
124 
125  if (header_parser_ && !header_parser_->Initialize(info_->extra_data()))
126  return Status(error::MUXER_FAILURE, "Fail to read SPS and PPS data.");
127 
128  traf()->auxiliary_size.sample_info_sizes.clear();
129  traf()->auxiliary_offset.offsets.clear();
130  if (IsSubsampleEncryptionRequired()) {
131  traf()->sample_encryption.flags |=
132  SampleEncryption::kUseSubsampleEncryption;
133  }
134  traf()->sample_encryption.sample_encryption_entries.clear();
135 
136  const bool enable_encryption = clear_time_ <= 0;
137  if (!enable_encryption) {
138  // This fragment should be in clear text.
139  // At most two sample description entries, an encrypted entry and a clear
140  // entry, are generated. The 1-based clear entry index is always 2.
141  const uint32_t kClearSampleDescriptionIndex = 2;
142 
143  traf()->header.flags |=
144  TrackFragmentHeader::kSampleDescriptionIndexPresentMask;
145  traf()->header.sample_description_index = kClearSampleDescriptionIndex;
146  }
147  return PrepareFragmentForEncryption(enable_encryption);
148 }
149 
150 void EncryptingFragmenter::FinalizeFragment() {
151  if (encryptor_) {
152  DCHECK_LE(clear_time_, 0);
153  FinalizeFragmentForEncryption();
154  } else {
155  DCHECK_GT(clear_time_, 0);
156  clear_time_ -= fragment_duration();
157  }
158  Fragmenter::FinalizeFragment();
159 }
160 
161 Status EncryptingFragmenter::PrepareFragmentForEncryption(
162  bool enable_encryption) {
163  return (!enable_encryption || encryptor_) ? Status::OK : CreateEncryptor();
164 }
165 
166 void EncryptingFragmenter::FinalizeFragmentForEncryption() {
167  // The offset will be adjusted in Segmenter after knowing moof size.
168  traf()->auxiliary_offset.offsets.push_back(0);
169 
170  // For 'cbcs' scheme, Constant IVs SHALL be used.
171  const size_t per_sample_iv_size =
172  (protection_scheme_ == FOURCC_cbcs) ? 0 : encryptor_->iv().size();
173  traf()->sample_encryption.iv_size = per_sample_iv_size;
174 
175  // Optimize saiz box.
176  SampleAuxiliaryInformationSize& saiz = traf()->auxiliary_size;
177  saiz.sample_count = traf()->runs[0].sample_sizes.size();
178  if (!saiz.sample_info_sizes.empty()) {
179  if (!OptimizeSampleEntries(&saiz.sample_info_sizes,
180  &saiz.default_sample_info_size)) {
181  saiz.default_sample_info_size = 0;
182  }
183  } else {
184  // |sample_info_sizes| table is filled in only for subsample encryption,
185  // otherwise |sample_info_size| is just the IV size.
186  DCHECK(!IsSubsampleEncryptionRequired());
187  saiz.default_sample_info_size = per_sample_iv_size;
188  }
189  // It should only happen with full sample encryption + constant iv, which is
190  // not a legal combination.
191  CHECK(!saiz.sample_info_sizes.empty() || saiz.default_sample_info_size != 0);
192 }
193 
194 Status EncryptingFragmenter::CreateEncryptor() {
195  DCHECK(encryption_key_);
196  scoped_ptr<AesCryptor> encryptor;
197  switch (protection_scheme_) {
198  case FOURCC_cenc:
199  encryptor.reset(new AesCtrEncryptor);
200  break;
201  case FOURCC_cbc1:
202  encryptor.reset(new AesCbcEncryptor(kNoPadding));
203  break;
204  case FOURCC_cens:
205  encryptor.reset(new AesPatternCryptor(
206  crypt_byte_block(), skip_byte_block(), AesCryptor::kDontUseConstantIv,
207  scoped_ptr<AesCryptor>(new AesCtrEncryptor)));
208  break;
209  case FOURCC_cbcs:
210  encryptor.reset(new AesPatternCryptor(
211  crypt_byte_block(), skip_byte_block(), AesCryptor::kUseConstantIv,
212  scoped_ptr<AesCryptor>(new AesCbcEncryptor(kNoPadding))));
213  break;
214  default:
215  return Status(error::MUXER_FAILURE, "Unsupported protection scheme.");
216  }
217 
218  DCHECK(!encryption_key_->iv.empty());
219  const bool initialized =
220  encryptor->InitializeWithIv(encryption_key_->key, encryption_key_->iv);
221  if (!initialized)
222  return Status(error::MUXER_FAILURE, "Failed to create the encryptor.");
223  encryptor_ = encryptor.Pass();
224  return Status::OK;
225 }
226 
227 void EncryptingFragmenter::EncryptBytes(uint8_t* data, uint32_t size) {
228  DCHECK(encryptor_);
229  CHECK(encryptor_->Crypt(data, size, data));
230 }
231 
232 Status EncryptingFragmenter::EncryptSample(scoped_refptr<MediaSample> sample) {
233  DCHECK(encryptor_);
234 
235  SampleEncryptionEntry sample_encryption_entry;
236  // For 'cbcs' scheme, Constant IVs SHALL be used.
237  if (protection_scheme_ != FOURCC_cbcs)
238  sample_encryption_entry.initialization_vector = encryptor_->iv();
239  uint8_t* data = sample->writable_data();
240  if (IsSubsampleEncryptionRequired()) {
241  if (vpx_parser_) {
242  std::vector<VPxFrameInfo> vpx_frames;
243  if (!vpx_parser_->Parse(sample->data(), sample->data_size(),
244  &vpx_frames)) {
245  return Status(error::MUXER_FAILURE, "Failed to parse vpx frame.");
246  }
247 
248  const bool is_superframe = vpx_frames.size() > 1;
249  for (const VPxFrameInfo& frame : vpx_frames) {
250  SubsampleEntry subsample;
251  subsample.clear_bytes = frame.uncompressed_header_size;
252  subsample.cipher_bytes =
253  frame.frame_size - frame.uncompressed_header_size;
254 
255  // "VP Codec ISO Media File Format Binding" document requires that the
256  // encrypted bytes of each frame within the superframe must be block
257  // aligned so that the counter state can be computed for each frame
258  // within the superframe.
259  // For AES-CBC mode 'cbc1' scheme, clear data is sized appropriately so
260  // that the cipher data is block aligned.
261  if (is_superframe || protection_scheme_ == FOURCC_cbc1) {
262  const uint16_t misalign_bytes =
263  subsample.cipher_bytes % kCencBlockSize;
264  subsample.clear_bytes += misalign_bytes;
265  subsample.cipher_bytes -= misalign_bytes;
266  }
267 
268  sample_encryption_entry.subsamples.push_back(subsample);
269  if (subsample.cipher_bytes > 0)
270  EncryptBytes(data + subsample.clear_bytes, subsample.cipher_bytes);
271  data += frame.frame_size;
272  }
273  } else {
274  const NaluReader::CodecType nalu_type =
275  (video_codec_ == kCodecHVC1 || video_codec_ == kCodecHEV1)
276  ? NaluReader::kH265
277  : NaluReader::kH264;
278  NaluReader reader(nalu_type, nalu_length_size_, data,
279  sample->data_size());
280 
281  // Store the current length of clear data. This is used to squash
282  // multiple unencrypted NAL units into fewer subsample entries.
283  uint64_t accumulated_clear_bytes = 0;
284 
285  Nalu nalu;
286  NaluReader::Result result;
287  while ((result = reader.Advance(&nalu)) == NaluReader::kOk) {
288  if (nalu.is_video_slice()) {
289  // For video-slice NAL units, encrypt the video slice. This skips
290  // the frame header. If this is an unrecognized codec (e.g. H.265),
291  // the whole NAL unit will be encrypted.
292  const int64_t video_slice_header_size =
293  header_parser_ ? header_parser_->GetHeaderSize(nalu) : 0;
294  if (video_slice_header_size < 0)
295  return Status(error::MUXER_FAILURE, "Failed to read slice header.");
296 
297  uint64_t current_clear_bytes =
298  nalu.header_size() + video_slice_header_size;
299  uint64_t cipher_bytes = nalu.payload_size() - video_slice_header_size;
300 
301  // For AES-CBC mode 'cbc1' scheme, clear data is sized appropriately
302  // so that the cipher data is block aligned.
303  if (protection_scheme_ == FOURCC_cbc1) {
304  const uint16_t misalign_bytes = cipher_bytes % kCencBlockSize;
305  current_clear_bytes += misalign_bytes;
306  cipher_bytes -= misalign_bytes;
307  }
308 
309  const uint8_t* nalu_data = nalu.data() + current_clear_bytes;
310  EncryptBytes(const_cast<uint8_t*>(nalu_data), cipher_bytes);
311 
312  AddSubsamples(
313  accumulated_clear_bytes + nalu_length_size_ + current_clear_bytes,
314  cipher_bytes, &sample_encryption_entry.subsamples);
315  accumulated_clear_bytes = 0;
316  } else {
317  // For non-video-slice NAL units, don't encrypt.
318  accumulated_clear_bytes +=
319  nalu_length_size_ + nalu.header_size() + nalu.payload_size();
320  }
321  }
322  if (result != NaluReader::kEOStream)
323  return Status(error::MUXER_FAILURE, "Failed to parse NAL units.");
324  AddSubsamples(accumulated_clear_bytes, 0,
325  &sample_encryption_entry.subsamples);
326  }
327 
328  // The length of per-sample auxiliary datum, defined in CENC ch. 7.
329  traf()->auxiliary_size.sample_info_sizes.push_back(
330  sample_encryption_entry.ComputeSize());
331  } else {
332  EncryptBytes(data, sample->data_size());
333  }
334 
335  traf()->sample_encryption.sample_encryption_entries.push_back(
336  sample_encryption_entry);
337  encryptor_->UpdateIv();
338  return Status::OK;
339 }
340 
341 bool EncryptingFragmenter::IsSubsampleEncryptionRequired() {
342  return vpx_parser_ || nalu_length_size_ != 0;
343 }
344 
345 } // namespace mp4
346 } // namespace media
347 } // namespace edash_packager
edash_packager::media::mp4::SampleAuxiliaryInformationSize
Definition: box_definitions.h:69
edash_packager::media::mp4::Fragmenter
Definition: fragmenter.h:30
edash_packager::media::mp4::H265VideoSliceHeaderParser
Definition: video_slice_header_parser.h:54
edash_packager::media::mp4::EncryptingFragmenter::CreateEncryptor
Status CreateEncryptor()
Definition: encrypting_fragmenter.cc:194
edash_packager::media::Status
Definition: status.h:75
edash_packager::media::mp4::EncryptingFragmenter::InitializeFragment
Status InitializeFragment(int64_t first_sample_dts) override
Definition: encrypting_fragmenter.cc:120
edash_packager::media::mp4::Fragmenter::InitializeFragment
virtual Status InitializeFragment(int64_t first_sample_dts)
Definition: fragmenter.cc:76
edash_packager::media::mp4::Fragmenter::AddSample
virtual Status AddSample(scoped_refptr< MediaSample > sample)
Definition: fragmenter.cc:36
edash_packager::media::VP9Parser
Class to parse a vp9 bit stream.
Definition: vp9_parser.h:20
edash_packager::media::mp4::Fragmenter::OptimizeSampleEntries
bool OptimizeSampleEntries(std::vector< T > *entries, T *default_value)
Definition: fragmenter.h:89
edash_packager::media::mp4::EncryptingFragmenter::AddSample
Status AddSample(scoped_refptr< MediaSample > sample) override
Definition: encrypting_fragmenter.cc:105
edash_packager::media::AesPatternCryptor
Implements pattern-based encryption/decryption.
Definition: aes_pattern_cryptor.h:16
edash_packager::media::AesCtrEncryptor
Definition: aes_encryptor.h:43
edash_packager::media::mp4::EncryptingFragmenter::FinalizeFragment
void FinalizeFragment() override
Finalize and optimize the fragment.
Definition: encrypting_fragmenter.cc:150
edash_packager::media::mp4::TrackFragment
Definition: box_definitions.h:689
edash_packager::media::VP8Parser
Definition: vp8_parser.h:21
edash_packager::media::mp4::EncryptingFragmenter::PrepareFragmentForEncryption
virtual Status PrepareFragmentForEncryption(bool enable_encryption)
Definition: encrypting_fragmenter.cc:161
edash_packager::media::mp4::H264VideoSliceHeaderParser
Definition: video_slice_header_parser.h:37
edash_packager::media::mp4::EncryptingFragmenter::FinalizeFragmentForEncryption
virtual void FinalizeFragmentForEncryption()
Finalize current fragment for encryption.
Definition: encrypting_fragmenter.cc:166
edash_packager::media::mp4::Fragmenter::FinalizeFragment
virtual void FinalizeFragment()
Finalize and optimize the fragment.
Definition: fragmenter.cc:93
edash_packager::media::AesCbcEncryptor
Definition: aes_encryptor.h:78
edash_packager::media::mp4::EncryptingFragmenter::EncryptingFragmenter
EncryptingFragmenter(scoped_refptr< StreamInfo > info, TrackFragment *traf, scoped_ptr< EncryptionKey > encryption_key, int64_t clear_time, FourCC protection_scheme, uint8_t crypt_byte_block, uint8_t skip_byte_block)
Definition: encrypting_fragmenter.cc:62
Generated on Thu Apr 21 2016 19:13:10 for DASH Media Packaging SDK by   doxygen 1.8.6