DASH Media Packaging SDK
 All Classes Namespaces Functions Variables Typedefs Enumerator
aes_cryptor.cc
1 // Copyright 2016 Google Inc. All rights reserved.
2 //
3 // Use of this source code is governed by a BSD-style
4 // license that can be found in the LICENSE file or at
5 // https://developers.google.com/open-source/licenses/bsd
6 
7 #include "packager/media/base/aes_cryptor.h"
8 
9 #include <string>
10 #include <vector>
11 
12 #include <openssl/aes.h>
13 #include <openssl/err.h>
14 #include <openssl/rand.h>
15 
16 #include "packager/base/logging.h"
17 #include "packager/base/stl_util.h"
18 
19 namespace {
20 
21 // According to ISO/IEC 23001-7:2016 CENC spec, IV should be either
22 // 64-bit (8-byte) or 128-bit (16-byte).
23 bool IsIvSizeValid(size_t iv_size) {
24  return iv_size == 8 || iv_size == 16;
25 }
26 
27 } // namespace
28 
29 namespace edash_packager {
30 namespace media {
31 
32 AesCryptor::AesCryptor(ConstantIvFlag constant_iv_flag)
33  : aes_key_(new AES_KEY),
34  constant_iv_flag_(constant_iv_flag),
35  num_crypt_bytes_(0) {}
36 
37 AesCryptor::~AesCryptor() {}
38 
39 bool AesCryptor::Crypt(const std::vector<uint8_t>& text,
40  std::vector<uint8_t>* crypt_text) {
41  // Save text size to make it work for in-place conversion, since the
42  // next statement will update the text size.
43  const size_t text_size = text.size();
44  crypt_text->resize(text_size + NumPaddingBytes(text_size));
45  size_t crypt_text_size = crypt_text->size();
46  if (!Crypt(text.data(), text_size, crypt_text->data(), &crypt_text_size)) {
47  return false;
48  }
49  DCHECK_LE(crypt_text_size, crypt_text->size());
50  crypt_text->resize(crypt_text_size);
51  return true;
52 }
53 
54 bool AesCryptor::Crypt(const std::string& text, std::string* crypt_text) {
55  // Save text size to make it work for in-place conversion, since the
56  // next statement will update the text size.
57  const size_t text_size = text.size();
58  crypt_text->resize(text_size + NumPaddingBytes(text_size));
59  size_t crypt_text_size = crypt_text->size();
60  if (!Crypt(reinterpret_cast<const uint8_t*>(text.data()), text_size,
61  reinterpret_cast<uint8_t*>(string_as_array(crypt_text)),
62  &crypt_text_size))
63  return false;
64  DCHECK_LE(crypt_text_size, crypt_text->size());
65  crypt_text->resize(crypt_text_size);
66  return true;
67 }
68 
69 bool AesCryptor::SetIv(const std::vector<uint8_t>& iv) {
70  if (!IsIvSizeValid(iv.size())) {
71  LOG(ERROR) << "Invalid IV size: " << iv.size();
72  return false;
73  }
74  iv_ = iv;
75  num_crypt_bytes_ = 0;
76  SetIvInternal();
77  return true;
78 }
79 
81  if (constant_iv_flag_ == kUseConstantIv)
82  return;
83 
84  uint64_t increment = 0;
85  // As recommended in ISO/IEC 23001-7:2016 CENC spec, for 64-bit (8-byte)
86  // IV_Sizes, initialization vectors for subsequent samples can be created by
87  // incrementing the initialization vector of the previous sample.
88  // For 128-bit (16-byte) IV_Sizes, initialization vectors for subsequent
89  // samples should be created by adding the block count of the previous sample
90  // to the initialization vector of the previous sample.
91  // There is no official recommendation of how IV for next sample should be
92  // generated for CBC mode. We use the same generation algorithm as CTR here.
93  if (iv_.size() == 8) {
94  increment = 1;
95  } else {
96  DCHECK_EQ(16u, iv_.size());
97  increment = (num_crypt_bytes_ + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE;
98  }
99 
100  for (int i = iv_.size() - 1; increment > 0 && i >= 0; --i) {
101  increment += iv_[i];
102  iv_[i] = increment & 0xFF;
103  increment >>= 8;
104  }
105  num_crypt_bytes_ = 0;
106  SetIvInternal();
107 }
108 
109 bool AesCryptor::GenerateRandomIv(FourCC protection_scheme,
110  std::vector<uint8_t>* iv) {
111  // ISO/IEC 23001-7:2016 10.1 and 10.3 For 'cenc' and 'cens'
112  // default_Per_Sample_IV_Size and Per_Sample_IV_Size SHOULD be 8-bytes.
113  // There is no official guideline on the iv size for 'cbc1' and 'cbcs',
114  // but 16-byte provides better security.
115  const size_t iv_size =
116  (protection_scheme == FOURCC_cenc || protection_scheme == FOURCC_cens)
117  ? 8
118  : 16;
119  iv->resize(iv_size);
120  if (RAND_bytes(iv->data(), iv_size) != 1) {
121  LOG(ERROR) << "RAND_bytes failed with error: "
122  << ERR_error_string(ERR_get_error(), NULL);
123  return false;
124  }
125  return true;
126 }
127 
128 size_t AesCryptor::NumPaddingBytes(size_t size) const {
129  // No padding by default.
130  return 0;
131 }
132 
133 } // namespace media
134 } // namespace edash_packager
135 
136 
AesCryptor(ConstantIvFlag constant_iv_flag)
Definition: aes_cryptor.cc:32
static bool GenerateRandomIv(FourCC protection_scheme, std::vector< uint8_t > *iv)
Definition: aes_cryptor.cc:109
const std::vector< uint8_t > & iv() const
Definition: aes_cryptor.h:81
bool SetIv(const std::vector< uint8_t > &iv)
Definition: aes_cryptor.cc:69