2 * Decryption protocol handler
3 * Copyright (c) 2011 Martin Storsjo
5 * This file is part of Libav.
7 * Libav is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * Libav is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with Libav; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
23 #include "libavutil/aes.h"
24 #include "libavutil/avstring.h"
25 #include "libavutil/opt.h"
29 #define MAX_BUFFER_BLOCKS 150
35 uint8_t inbuffer [BLOCKSIZE*MAX_BUFFER_BLOCKS],
36 outbuffer[BLOCKSIZE*MAX_BUFFER_BLOCKS];
38 int indata, indata_used, outdata;
47 #define OFFSET(x) offsetof(CryptoContext, x)
48 static const AVOption options[] = {
49 {"key", "AES decryption key", OFFSET(key), FF_OPT_TYPE_BINARY },
50 {"iv", "AES decryption initialization vector", OFFSET(iv), FF_OPT_TYPE_BINARY },
54 static const AVClass crypto_class = {
55 .class_name = "crypto",
56 .item_name = av_default_item_name,
58 .version = LIBAVUTIL_VERSION_INT,
61 static int crypto_open(URLContext *h, const char *uri, int flags)
63 const char *nested_url;
65 CryptoContext *c = h->priv_data;
67 if (!av_strstart(uri, "crypto+", &nested_url) &&
68 !av_strstart(uri, "crypto:", &nested_url)) {
69 av_log(h, AV_LOG_ERROR, "Unsupported url %s\n", uri);
70 ret = AVERROR(EINVAL);
74 if (c->keylen < BLOCKSIZE || c->ivlen < BLOCKSIZE) {
75 av_log(h, AV_LOG_ERROR, "Key or IV not set\n");
76 ret = AVERROR(EINVAL);
79 if (flags & AVIO_FLAG_WRITE) {
80 av_log(h, AV_LOG_ERROR, "Only decryption is supported currently\n");
81 ret = AVERROR(ENOSYS);
84 if ((ret = ffurl_open(&c->hd, nested_url, AVIO_FLAG_READ)) < 0) {
85 av_log(h, AV_LOG_ERROR, "Unable to open input\n");
88 c->aes = av_mallocz(av_aes_size);
90 ret = AVERROR(ENOMEM);
94 av_aes_init(c->aes, c->key, 128, 1);
105 static int crypto_read(URLContext *h, uint8_t *buf, int size)
107 CryptoContext *c = h->priv_data;
110 if (c->outdata > 0) {
111 size = FFMIN(size, c->outdata);
112 memcpy(buf, c->outptr, size);
117 // We avoid using the last block until we've found EOF,
118 // since we'll remove PKCS7 padding at the end. So make
119 // sure we've got at least 2 blocks, so we can decrypt
121 while (c->indata - c->indata_used < 2*BLOCKSIZE) {
122 int n = ffurl_read(c->hd, c->inbuffer + c->indata,
123 sizeof(c->inbuffer) - c->indata);
130 blocks = (c->indata - c->indata_used) / BLOCKSIZE;
135 av_aes_crypt(c->aes, c->outbuffer, c->inbuffer + c->indata_used, blocks,
137 c->outdata = BLOCKSIZE * blocks;
138 c->outptr = c->outbuffer;
139 c->indata_used += BLOCKSIZE * blocks;
140 if (c->indata_used >= sizeof(c->inbuffer)/2) {
141 memmove(c->inbuffer, c->inbuffer + c->indata_used,
142 c->indata - c->indata_used);
143 c->indata -= c->indata_used;
147 // Remove PKCS7 padding at the end
148 int padding = c->outbuffer[c->outdata - 1];
149 c->outdata -= padding;
154 static int crypto_close(URLContext *h)
156 CryptoContext *c = h->priv_data;
165 URLProtocol ff_crypto_protocol = {
167 .url_open = crypto_open,
168 .url_read = crypto_read,
169 .url_close = crypto_close,
170 .priv_data_size = sizeof(CryptoContext),
171 .priv_data_class = &crypto_class,
172 .flags = URL_PROTOCOL_FLAG_NESTED_SCHEME,