/**
 * Encrypt a buffer with libavutil AES using a 128-bit key.
 *
 * The AES context lives in a function-local static pointer: it is allocated
 * on the first call and reused afterwards, with no locking visible here.
 * The key schedule is rebuilt on every call from hardcoded_key (defined
 * elsewhere in this file). A NULL IV makes av_aes_crypt() run in ECB mode.
 * Only whole 16-byte blocks are processed (size >> 4); any trailing bytes of
 * input are ignored and the matching bytes of output are not written.
 *
 * NOTE(review): a fixed key in ECB mode gives no confidentiality for
 * structured data. This looks like a throughput/benchmark helper, where that
 * does not matter -- confirm against the caller.
 *
 * @param output destination buffer, at least (size & ~15) bytes
 * @param input  source buffer
 * @param size   number of input bytes
 */
static void run_lavu_aes128(uint8_t *output, const uint8_t *input,
                            unsigned size)
{
    static struct AVAES *aes;
    const unsigned nb_blocks = size >> 4;

    /* Lazy one-time allocation of the shared context. */
    if (!aes) {
        aes = av_aes_alloc();
        if (!aes)
            fatal_error("out of memory");
    }

    /* key_bits = 128, decrypt = 0 (encrypt direction). */
    av_aes_init(aes, hardcoded_key, 128, 0);
    av_aes_crypt(aes, output, input, nb_blocks, NULL, 0);
}
/**
 * Configure an SRTP context from a crypto-suite name and base64 key material.
 *
 * ff_srtp_free(s) is called first, so the context is reset before anything
 * else happens. The suite name selects the RTP and RTCP authentication tag
 * lengths; params must base64-decode to exactly 30 bytes, laid out as a
 * 16-byte master key followed by a 14-byte master salt. The six session
 * keys/salts are then derived from the master key and salt (RFC 3711).
 *
 * On AVERROR(ENOMEM) whichever of s->aes / s->hmac was successfully
 * allocated is left in the context; nothing in this function releases it
 * (presumably a later ff_srtp_free() does -- verify against callers).
 *
 * NOTE(review): the stack buffer that receives the decoded master key and
 * salt is not wiped before returning, on either the success or the error
 * path, so the key material stays in dead stack memory.
 *
 * @param s      SRTP context to initialise
 * @param suite  crypto-suite name (RFC 4568 / RFC 5764 spellings)
 * @param params base64-encoded master key || master salt
 * @return 0 on success, AVERROR(EINVAL) for an unsupported suite or
 *         wrong-sized key material, AVERROR(ENOMEM) on allocation failure
 */
int ff_srtp_set_crypto(struct SRTPContext *s, const char *suite,
                       const char *params)
{
    uint8_t buf[30];
    const uint8_t *const decoded_salt = buf + 16;

    ff_srtp_free(s);

    // RFC 4568
    if (strcmp(suite, "AES_CM_128_HMAC_SHA1_80") == 0 ||
        strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_80") == 0) {
        s->rtcp_hmac_size = 10;
        s->rtp_hmac_size  = 10;
    } else if (strcmp(suite, "AES_CM_128_HMAC_SHA1_32") == 0) {
        s->rtcp_hmac_size = 4;
        s->rtp_hmac_size  = 4;
    } else if (strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_32") == 0) {
        // RFC 5764 section 4.1.2: short tag for RTP only, full tag for RTCP
        s->rtp_hmac_size  = 4;
        s->rtcp_hmac_size = 10;
    } else {
        av_log(NULL, AV_LOG_WARNING, "SRTP Crypto suite %s not supported\n",
               suite);
        return AVERROR(EINVAL);
    }

    /* Anything other than exactly 30 decoded bytes is rejected. */
    if (av_base64_decode(buf, params, sizeof(buf)) != sizeof(buf)) {
        av_log(NULL, AV_LOG_WARNING, "Incorrect amount of SRTP params\n");
        return AVERROR(EINVAL);
    }
    // MKI and lifetime not handled yet

    s->aes  = av_aes_alloc();
    s->hmac = av_hmac_alloc(AV_HMAC_SHA1);
    if (s->aes == NULL || s->hmac == NULL)
        return AVERROR(ENOMEM);

    memcpy(s->master_key,  buf,          16);
    memcpy(s->master_salt, decoded_salt, 14);

    // RFC 3711: session keys are derived from the master key/salt, one
    // label byte per derived value.
    av_aes_init(s->aes, s->master_key, 128, 0);

    derive_key(s->aes, s->master_salt, 0x00, s->rtp_key,   sizeof(s->rtp_key));
    derive_key(s->aes, s->master_salt, 0x02, s->rtp_salt,  sizeof(s->rtp_salt));
    derive_key(s->aes, s->master_salt, 0x01, s->rtp_auth,  sizeof(s->rtp_auth));

    derive_key(s->aes, s->master_salt, 0x03, s->rtcp_key,  sizeof(s->rtcp_key));
    derive_key(s->aes, s->master_salt, 0x05, s->rtcp_salt, sizeof(s->rtcp_salt));
    derive_key(s->aes, s->master_salt, 0x04, s->rtcp_auth, sizeof(s->rtcp_auth));

    return 0;
}
/**
 * Open a "crypto+<url>" / "crypto:<url>" resource for decryption.
 *
 * Checks, in order: the URI prefix, that both key and IV are at least
 * BLOCKSIZE bytes long, and that the caller is not asking for write access.
 * The nested URL is then opened read-only and an AES context is set up in
 * the decrypt direction.
 *
 * NOTE(review): only the first 128 bits of c->key are used, whatever
 * c->keylen is; a longer key is accepted and silently truncated.
 * NOTE(review): if av_aes_alloc() fails, c->hd has already been opened and
 * is not closed here -- verify that the protocol's close callback runs on a
 * failed open, otherwise the nested context leaks.
 * NOTE(review): the unsupported-URL message logs uri verbatim; if callers
 * can embed credentials in it they end up in the log.
 *
 * @param h     URL context; h->priv_data is the CryptoContext
 * @param uri   full URI including the crypto prefix
 * @param flags AVIO_FLAG_* open flags
 * @return the (non-negative) result of ffurl_open() on success, a negative
 *         AVERROR code on failure
 */
static int crypto_open(URLContext *h, const char *uri, int flags)
{
    CryptoContext *c = h->priv_data;
    const char *nested_url;
    int ret;

    /* Strip the scheme prefix; nested_url points at the wrapped URL. */
    if (!av_strstart(uri, "crypto+", &nested_url) &&
        !av_strstart(uri, "crypto:", &nested_url)) {
        av_log(h, AV_LOG_ERROR, "Unsupported url %s\n", uri);
        return AVERROR(EINVAL);
    }

    if (c->keylen < BLOCKSIZE || c->ivlen < BLOCKSIZE) {
        av_log(h, AV_LOG_ERROR, "Key or IV not set\n");
        return AVERROR(EINVAL);
    }

    if (flags & AVIO_FLAG_WRITE) {
        av_log(h, AV_LOG_ERROR, "Only decryption is supported currently\n");
        return AVERROR(ENOSYS);
    }

    ret = ffurl_open(&c->hd, nested_url, AVIO_FLAG_READ,
                     &h->interrupt_callback, NULL, h->protocols, h);
    if (ret < 0) {
        av_log(h, AV_LOG_ERROR, "Unable to open input\n");
        return ret;
    }

    c->aes = av_aes_alloc();
    if (!c->aes)
        return AVERROR(ENOMEM);

    /* key_bits = 128, decrypt = 1. */
    av_aes_init(c->aes, c->key, 128, 1);

    h->is_streamed = 1;

    return ret;
}
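/**
 * Open a "crypto+<url>" / "crypto:<url>" resource for reading (decrypt),
 * writing (encrypt), or both.
 *
 * For each requested direction the key and IV are resolved through
 * set_aes_arg(), which receives the direction-specific value together with
 * the generic c->key / c->iv. The nested URL is then opened with the
 * caller's flags and protocol white/blacklists, and one AES context per
 * direction is allocated and initialised with a BLOCKSIZE*8-bit key.
 *
 * NOTE(review): every failure after ffurl_open_whitelist() succeeds leaves
 * c->hd open, and a failure in the write branch leaves c->aes_decrypt
 * allocated. Nothing here releases them -- verify that the protocol's close
 * callback runs on a failed open, otherwise these leak.
 * NOTE(review): the key size passed to av_aes_init() is fixed by BLOCKSIZE,
 * not by the supplied key length; presumably set_aes_arg() enforces the
 * length -- confirm.
 * NOTE(review): uri and nested_url are logged verbatim on failure; if they
 * can carry credentials or tokens, those reach the log.
 *
 * @param h       URL context; h->priv_data is the CryptoContext
 * @param uri     full URI including the crypto prefix
 * @param flags   AVIO_FLAG_READ and/or AVIO_FLAG_WRITE
 * @param options forwarded to the nested protocol
 * @return non-negative on success, a negative AVERROR code on failure
 */
static int crypto_open2(URLContext *h, const char *uri, int flags,
                        AVDictionary **options)
{
    const char *nested_url;
    int ret = 0;
    CryptoContext *c = h->priv_data;

    c->flags = flags;

    /* Strip the scheme prefix; nested_url points at the wrapped URL. */
    if (!av_strstart(uri, "crypto+", &nested_url) &&
        !av_strstart(uri, "crypto:", &nested_url)) {
        av_log(h, AV_LOG_ERROR, "Unsupported url %s\n", uri);
        ret = AVERROR(EINVAL);
        goto err;
    }

    c->position = 0;

    if (flags & AVIO_FLAG_READ) {
        if ((ret = set_aes_arg(c, &c->decrypt_key, &c->decrypt_keylen,
                               c->key, c->keylen, "decryption key")) < 0)
            goto err;
        if ((ret = set_aes_arg(c, &c->decrypt_iv, &c->decrypt_ivlen,
                               c->iv, c->ivlen, "decryption IV")) < 0)
            goto err;
    }

    if (flags & AVIO_FLAG_WRITE) {
        /* The original nested a second, redundant "if (ret < 0)" under this
         * check; a single test is equivalent. */
        if ((ret = set_aes_arg(c, &c->encrypt_key, &c->encrypt_keylen,
                               c->key, c->keylen, "encryption key")) < 0)
            goto err;
        if ((ret = set_aes_arg(c, &c->encrypt_iv, &c->encrypt_ivlen,
                               c->iv, c->ivlen, "encryption IV")) < 0)
            goto err;
    }

    if ((ret = ffurl_open_whitelist(&c->hd, nested_url, flags,
                                    &h->interrupt_callback, options,
                                    h->protocol_whitelist,
                                    h->protocol_blacklist, h)) < 0) {
        av_log(h, AV_LOG_ERROR, "Unable to open resource: %s\n", nested_url);
        goto err;
    }

    if (flags & AVIO_FLAG_READ) {
        c->aes_decrypt = av_aes_alloc();
        if (!c->aes_decrypt) {
            ret = AVERROR(ENOMEM);
            goto err;
        }
        /* Last argument 1 = decrypt direction. */
        ret = av_aes_init(c->aes_decrypt, c->decrypt_key, BLOCKSIZE * 8, 1);
        if (ret < 0)
            goto err;

        // pass back information about the context we opened
        if (c->hd->is_streamed)
            h->is_streamed = c->hd->is_streamed;
    }

    if (flags & AVIO_FLAG_WRITE) {
        c->aes_encrypt = av_aes_alloc();
        if (!c->aes_encrypt) {
            ret = AVERROR(ENOMEM);
            goto err;
        }
        /* Last argument 0 = encrypt direction. */
        ret = av_aes_init(c->aes_encrypt, c->encrypt_key, BLOCKSIZE * 8, 0);
        if (ret < 0)
            goto err;

        // for write, we must be streamed
        // - linear write only for crypto aes-128-cbc
        h->is_streamed = 1;
    }

    c->pad_len = 0;

err:
    return ret;
}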