static void run_lavu_aes128(uint8_t *output,
const uint8_t *input, unsigned size)
{
static struct AVAES *aes;
if (!aes && !(aes = av_aes_alloc()))
fatal_error("out of memory");
av_aes_init(aes, hardcoded_key, 128, 0);
av_aes_crypt(aes, output, input, size >> 4, NULL, 0);
}
int ff_srtp_set_crypto(struct SRTPContext *s, const char *suite,
const char *params)
{
uint8_t buf[30];
ff_srtp_free(s);
// RFC 4568
if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80") ||
!strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_80")) {
s->rtp_hmac_size = s->rtcp_hmac_size = 10;
} else if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_32")) {
s->rtp_hmac_size = s->rtcp_hmac_size = 4;
} else if (!strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_32")) {
// RFC 5764 section 4.1.2
s->rtp_hmac_size = 4;
s->rtcp_hmac_size = 10;
} else {
av_log(NULL, AV_LOG_WARNING, "SRTP Crypto suite %s not supported\n",
suite);
return AVERROR(EINVAL);
}
if (av_base64_decode(buf, params, sizeof(buf)) != sizeof(buf)) {
av_log(NULL, AV_LOG_WARNING, "Incorrect amount of SRTP params\n");
return AVERROR(EINVAL);
}
// MKI and lifetime not handled yet
s->aes = av_aes_alloc();
s->hmac = av_hmac_alloc(AV_HMAC_SHA1);
if (!s->aes || !s->hmac)
return AVERROR(ENOMEM);
memcpy(s->master_key, buf, 16);
memcpy(s->master_salt, buf + 16, 14);
// RFC 3711
av_aes_init(s->aes, s->master_key, 128, 0);
derive_key(s->aes, s->master_salt, 0x00, s->rtp_key, sizeof(s->rtp_key));
derive_key(s->aes, s->master_salt, 0x02, s->rtp_salt, sizeof(s->rtp_salt));
derive_key(s->aes, s->master_salt, 0x01, s->rtp_auth, sizeof(s->rtp_auth));
derive_key(s->aes, s->master_salt, 0x03, s->rtcp_key, sizeof(s->rtcp_key));
derive_key(s->aes, s->master_salt, 0x05, s->rtcp_salt, sizeof(s->rtcp_salt));
derive_key(s->aes, s->master_salt, 0x04, s->rtcp_auth, sizeof(s->rtcp_auth));
return 0;
}
static int crypto_open(URLContext *h, const char *uri, int flags)
{
const char *nested_url;
int ret = 0;
CryptoContext *c = h->priv_data;
if (!av_strstart(uri, "crypto+", &nested_url) &&
!av_strstart(uri, "crypto:", &nested_url)) {
av_log(h, AV_LOG_ERROR, "Unsupported url %s\n", uri);
ret = AVERROR(EINVAL);
goto err;
}
if (c->keylen < BLOCKSIZE || c->ivlen < BLOCKSIZE) {
av_log(h, AV_LOG_ERROR, "Key or IV not set\n");
ret = AVERROR(EINVAL);
goto err;
}
if (flags & AVIO_FLAG_WRITE) {
av_log(h, AV_LOG_ERROR, "Only decryption is supported currently\n");
ret = AVERROR(ENOSYS);
goto err;
}
if ((ret = ffurl_open(&c->hd, nested_url, AVIO_FLAG_READ,
&h->interrupt_callback, NULL, h->protocols, h)) < 0) {
av_log(h, AV_LOG_ERROR, "Unable to open input\n");
goto err;
}
c->aes = av_aes_alloc();
if (!c->aes) {
ret = AVERROR(ENOMEM);
goto err;
}
av_aes_init(c->aes, c->key, 128, 1);
h->is_streamed = 1;
err:
return ret;
}
static int crypto_open2(URLContext *h, const char *uri, int flags, AVDictionary **options)
{
const char *nested_url;
int ret = 0;
CryptoContext *c = h->priv_data;
c->flags = flags;
if (!av_strstart(uri, "crypto+", &nested_url) &&
!av_strstart(uri, "crypto:", &nested_url)) {
av_log(h, AV_LOG_ERROR, "Unsupported url %s\n", uri);
ret = AVERROR(EINVAL);
goto err;
}
c->position = 0;
if (flags & AVIO_FLAG_READ) {
if ((ret = set_aes_arg(c, &c->decrypt_key, &c->decrypt_keylen,
c->key, c->keylen, "decryption key")) < 0)
goto err;
if ((ret = set_aes_arg(c, &c->decrypt_iv, &c->decrypt_ivlen,
c->iv, c->ivlen, "decryption IV")) < 0)
goto err;
}
if (flags & AVIO_FLAG_WRITE) {
if ((ret = set_aes_arg(c, &c->encrypt_key, &c->encrypt_keylen,
c->key, c->keylen, "encryption key")) < 0)
if (ret < 0)
goto err;
if ((ret = set_aes_arg(c, &c->encrypt_iv, &c->encrypt_ivlen,
c->iv, c->ivlen, "encryption IV")) < 0)
goto err;
}
if ((ret = ffurl_open_whitelist(&c->hd, nested_url, flags,
&h->interrupt_callback, options,
h->protocol_whitelist, h->protocol_blacklist, h)) < 0) {
av_log(h, AV_LOG_ERROR, "Unable to open resource: %s\n", nested_url);
goto err;
}
if (flags & AVIO_FLAG_READ) {
c->aes_decrypt = av_aes_alloc();
if (!c->aes_decrypt) {
ret = AVERROR(ENOMEM);
goto err;
}
ret = av_aes_init(c->aes_decrypt, c->decrypt_key, BLOCKSIZE*8, 1);
if (ret < 0)
goto err;
// pass back information about the context we openned
if (c->hd->is_streamed)
h->is_streamed = c->hd->is_streamed;
}
if (flags & AVIO_FLAG_WRITE) {
c->aes_encrypt = av_aes_alloc();
if (!c->aes_encrypt) {
ret = AVERROR(ENOMEM);
goto err;
}
ret = av_aes_init(c->aes_encrypt, c->encrypt_key, BLOCKSIZE*8, 0);
if (ret < 0)
goto err;
// for write, we must be streamed
// - linear write only for crytpo aes-128-cbc
h->is_streamed = 1;
}
c->pad_len = 0;
err:
return ret;
}
