movenc: support cenc (common encryption)

support writing encrypted mp4 using aes-ctr, conforming to ISO/IEC 23001-7. 3 new parameters were added: - encryption_scheme - allowed values are none (default) and cenc-aes-ctr - encryption_key - 128 bit encryption key (hex) - encryption_kid - 128 bit encryption key identifier (hex) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

movenc: support cenc (common encryption)
support writing encrypted mp4 using aes-ctr, conforming to ISO/IEC 23001-7. 3 new parameters were added: - encryption_scheme - allowed values are none (default) and cenc-aes-ctr - encryption_key - 128 bit encryption key (hex) - encryption_kid - 128 bit encryption key identifier (hex) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4469e8eb · erankor · Michael Niedermayer · 23ac99dc · 4469e8eb · 4469e8eb
Commit 4469e8eb authored Dec 07, 2015 by erankor Committed by Michael Niedermayer Dec 15, 2015
6 changed files
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,7 @@ Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.

 version <next>:
+- Common Encryption (CENC) MP4 encoding support
 - DXV decoding
 - extrastereo filter
 - ocr filter

--- a/libavformat/Makefile
+++ b/libavformat/Makefile
@@ -264,7 +264,7 @@ OBJS-$(CONFIG_MMF_DEMUXER)               += mmf.o
 OBJS-$(CONFIG_MMF_MUXER)                 += mmf.o rawenc.o
 OBJS-$(CONFIG_MOV_DEMUXER)               += mov.o isom.o mov_chan.o replaygain.o
 OBJS-$(CONFIG_MOV_MUXER)                 += movenc.o isom.o avc.o hevc.o \
-                                            movenchint.o mov_chan.o rtp.o
+                                            movenchint.o mov_chan.o rtp.o movenccenc.o
 OBJS-$(CONFIG_MP2_MUXER)                 += mp3enc.o rawenc.o id3v2enc.o
 OBJS-$(CONFIG_MP3_DEMUXER)               += mp3dec.o replaygain.o
 OBJS-$(CONFIG_MP3_MUXER)                 += mp3enc.o rawenc.o id3v2enc.o

--- a/libavformat/movenc.c
+++ b/libavformat/movenc.c
@@ -83,6 +83,9 @@ static const AVOption options[] = {
    { "fragment_index", "Fragment number of the next fragment", offsetof(MOVMuxContext, fragments), AV_OPT_TYPE_INT, {.i64 = 1}, 1, INT_MAX, AV_OPT_FLAG_ENCODING_PARAM},
    { "mov_gamma", "gamma value for gama atom", offsetof(MOVMuxContext, gamma), AV_OPT_TYPE_FLOAT, {.dbl = 0.0 }, 0.0, 10, AV_OPT_FLAG_ENCODING_PARAM},
    { "frag_interleave", "Interleave samples within fragments (max number of consecutive samples, lower is tighter interleaving, but with more overhead)", offsetof(MOVMuxContext, frag_interleave), AV_OPT_TYPE_INT, {.i64 = 0}, 0, INT_MAX, AV_OPT_FLAG_ENCODING_PARAM },
+    { "encryption_scheme",    "Configures the encryption scheme, allowed values are none, cenc-aes-ctr", offsetof(MOVMuxContext, encryption_scheme_str),   AV_OPT_TYPE_STRING, {.str = NULL}, .flags = AV_OPT_FLAG_ENCODING_PARAM, .unit = "movflags" },
+    { "encryption_key", "The media encryption key (hex)", offsetof(MOVMuxContext, encryption_key), AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_ENCODING_PARAM, .unit = "movflags" },
+    { "encryption_kid", "The media encryption key identifier (hex)", offsetof(MOVMuxContext, encryption_kid), AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_ENCODING_PARAM, .unit = "movflags" },
    { NULL },
 };

@@ -891,7 +894,7 @@ static int get_samples_per_packet(MOVTrack *track)
    return first_duration;
 }

-static int mov_write_audio_tag(AVIOContext *pb, MOVTrack *track)
+static int mov_write_audio_tag(AVIOContext *pb, MOVMuxContext *mov, MOVTrack *track)
 {
    int64_t pos = avio_tell(pb);
    int version = 0;
@@ -912,7 +915,11 @@ static int mov_write_audio_tag(AVIOContext *pb, MOVTrack *track)
    }

    avio_wb32(pb, 0); /* size */
-    avio_wl32(pb, tag); // store it byteswapped
+    if (mov->encryption_scheme != MOV_ENC_NONE) {
+        ffio_wfourcc(pb, "enca");
+    } else {
+        avio_wl32(pb, tag); // store it byteswapped
+    }
    avio_wb32(pb, 0); /* Reserved */
    avio_wb16(pb, 0); /* Reserved */
    avio_wb16(pb, 1); /* Data-reference index, XXX  == 1 */
@@ -1000,6 +1007,10 @@ static int mov_write_audio_tag(AVIOContext *pb, MOVTrack *track)
    if (track->mode == MODE_MOV && track->enc->codec_type == AVMEDIA_TYPE_AUDIO)
        mov_write_chan_tag(pb, track);

+    if (mov->encryption_scheme != MOV_ENC_NONE) {
+        ff_mov_cenc_write_sinf_tag(track, pb, mov->encryption_kid);
+    }
+
    return update_size(pb, pos);
 }

@@ -1659,7 +1670,11 @@ static int mov_write_video_tag(AVIOContext *pb, MOVMuxContext *mov, MOVTrack *tr
    int avid = 0;

    avio_wb32(pb, 0); /* size */
-    avio_wl32(pb, track->tag); // store it byteswapped
+    if (mov->encryption_scheme != MOV_ENC_NONE) {
+        ffio_wfourcc(pb, "encv");
+    } else {
+        avio_wl32(pb, track->tag); // store it byteswapped
+    }
    avio_wb32(pb, 0); /* Reserved */
    avio_wb16(pb, 0); /* Reserved */
    avio_wb16(pb, 1); /* Data-reference index */
@@ -1750,6 +1765,10 @@ static int mov_write_video_tag(AVIOContext *pb, MOVMuxContext *mov, MOVTrack *tr
        mov_write_pasp_tag(pb, track);
    }

+    if (mov->encryption_scheme != MOV_ENC_NONE) {
+        ff_mov_cenc_write_sinf_tag(track, pb, mov->encryption_kid);
+    }
+
    /* extra padding for avid stsd */
    /* https://developer.apple.com/library/mac/documentation/QuickTime/QTFF/QTFFChap2/qtff2.html#//apple_ref/doc/uid/TP40000939-CH204-61112 */
    if (avid)
@@ -1848,9 +1867,9 @@ static int mov_write_stsd_tag(AVIOContext *pb, MOVMuxContext *mov, MOVTrack *tra
    avio_wb32(pb, 0); /* version & flags */
    avio_wb32(pb, 1); /* entry count */
    if (track->enc->codec_type == AVMEDIA_TYPE_VIDEO)
-        mov_write_video_tag(pb, mov,  track);
+        mov_write_video_tag(pb, mov, track);
    else if (track->enc->codec_type == AVMEDIA_TYPE_AUDIO)
-        mov_write_audio_tag(pb, track);
+        mov_write_audio_tag(pb, mov, track);
    else if (track->enc->codec_type == AVMEDIA_TYPE_SUBTITLE)
        mov_write_subtitle_tag(pb, track);
    else if (track->enc->codec_tag == MKTAG('r','t','p',' '))
@@ -1980,6 +1999,9 @@ static int mov_write_stbl_tag(AVIOContext *pb, MOVMuxContext *mov, MOVTrack *tra
    mov_write_stsc_tag(pb, track);
    mov_write_stsz_tag(pb, track);
    mov_write_stco_tag(pb, track);
+    if (mov->encryption_scheme == MOV_ENC_CENC_AES_CTR) {
+        ff_mov_cenc_write_stbl_atoms(&track->cenc, pb);
+    }
    return update_size(pb, pos);
 }

@@ -4419,7 +4441,15 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt)
                                       &size);
            avio_write(pb, reformatted_data, size);
        } else {
-            size = ff_avc_parse_nal_units(pb, pkt->data, pkt->size);
+            if (mov->encryption_scheme == MOV_ENC_CENC_AES_CTR) {
+                size = ff_mov_cenc_avc_parse_nal_units(&trk->cenc, pb, pkt->data, size);
+                if (size < 0) {
+                    ret = size;
+                    goto err;
+                }
+            } else {
+                size = ff_avc_parse_nal_units(pb, pkt->data, pkt->size);
+            }
        }
    } else if (enc->codec_id == AV_CODEC_ID_HEVC && trk->vos_len > 6 &&
               (AV_RB24(trk->vos_data) == 1 || AV_RB32(trk->vos_data) == 1)) {
@@ -4440,7 +4470,20 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt)
        avio_write(pb, pkt->data, size);
 #endif
    } else {
-        avio_write(pb, pkt->data, size);
+        if (mov->encryption_scheme == MOV_ENC_CENC_AES_CTR) {
+            if (enc->codec_id == AV_CODEC_ID_H264 && enc->extradata_size > 4) {
+                int nal_size_length = (enc->extradata[4] & 0x3) + 1;
+                ret = ff_mov_cenc_avc_write_nal_units(s, &trk->cenc, nal_size_length, pb, pkt->data, size);
+            } else {
+                ret = ff_mov_cenc_write_packet(&trk->cenc, pb, pkt->data, size);
+            }
+
+            if (ret) {
+                goto err;
+            }
+        } else {
+            avio_write(pb, pkt->data, size);
+        }
    }

    if ((enc->codec_id == AV_CODEC_ID_DNXHD ||
@@ -4913,6 +4956,8 @@ static void mov_free(AVFormatContext *s)

        if (mov->tracks[i].vos_len)
            av_freep(&mov->tracks[i].vos_data);
+
+        ff_mov_cenc_free(&mov->tracks[i].cenc);
    }

    av_freep(&mov->tracks);
@@ -5123,6 +5168,31 @@ static int mov_write_header(AVFormatContext *s)
    if (!mov->tracks)
        return AVERROR(ENOMEM);

+    if (mov->encryption_scheme_str != NULL && strcmp(mov->encryption_scheme_str, "none") != 0) {
+        if (strcmp(mov->encryption_scheme_str, "cenc-aes-ctr") == 0) {
+            mov->encryption_scheme = MOV_ENC_CENC_AES_CTR;
+
+            if (mov->encryption_key_len != AES_CTR_KEY_SIZE) {
+                av_log(s, AV_LOG_ERROR, "Invalid encryption key len %d expected %d\n",
+                    mov->encryption_key_len, AES_CTR_KEY_SIZE);
+                ret = AVERROR(EINVAL);
+                goto error;
+            }
+
+            if (mov->encryption_kid_len != CENC_KID_SIZE) {
+                av_log(s, AV_LOG_ERROR, "Invalid encryption kid len %d expected %d\n",
+                    mov->encryption_kid_len, CENC_KID_SIZE);
+                ret = AVERROR(EINVAL);
+                goto error;
+            }
+        } else {
+            av_log(s, AV_LOG_ERROR, "unsupported encryption scheme %s\n",
+                mov->encryption_scheme_str);
+            ret = AVERROR(EINVAL);
+            goto error;
+        }
+    }
+
    for (i = 0; i < s->nb_streams; i++) {
        AVStream *st= s->streams[i];
        MOVTrack *track= &mov->tracks[i];
@@ -5241,6 +5311,14 @@ static int mov_write_header(AVFormatContext *s)
                memcpy(track->vos_data, st->codec->extradata, track->vos_len);
            }
        }
+
+        if (mov->encryption_scheme == MOV_ENC_CENC_AES_CTR) {
+            ret = ff_mov_cenc_init(&track->cenc, mov->encryption_key,
+                track->enc->codec_id == AV_CODEC_ID_H264, s->flags & AVFMT_FLAG_BITEXACT);
+            if (ret) {
+                goto error;
+            }
+        }
    }

    for (i = 0; i < s->nb_streams; i++) {

--- a/libavformat/movenc.h
+++ b/libavformat/movenc.h
@@ -25,6 +25,7 @@
 #define AVFORMAT_MOVENC_H

 #include "avformat.h"
+#include "movenccenc.h"

 #define MOV_FRAG_INFO_ALLOC_INCREMENT 64
 #define MOV_INDEX_CLUSTER_SIZE 1024
@@ -149,8 +150,15 @@ typedef struct MOVTrack {
    } vc1_info;

    void       *eac3_priv;
+
+    MOVMuxCencContext cenc;
 } MOVTrack;

+typedef enum {
+    MOV_ENC_NONE = 0,
+    MOV_ENC_CENC_AES_CTR,
+} MOVEncryptionScheme;
+
 typedef struct MOVMuxContext {
    const AVClass *av_class;
    int     mode;
@@ -193,6 +201,14 @@ typedef struct MOVMuxContext {

    int frag_interleave;
    int missing_duration_warned;
+
+    char *encryption_scheme_str;
+    MOVEncryptionScheme encryption_scheme;
+    uint8_t *encryption_key;
+    int encryption_key_len;
+    uint8_t *encryption_kid;
+    int encryption_kid_len;
+
 } MOVMuxContext;

 #define FF_MOV_FLAG_RTP_HINT              (1 <<  0)

--- a/libavformat/movenccenc.c
+++ b/libavformat/movenccenc.c
--- a/libavformat/movenccenc.h
+++ b/libavformat/movenccenc.h
+/*
+ * MOV CENC (Common Encryption) writer
+ * Copyright (c) 2015 Eran Kornblau <erankor at gmail dot com>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef AVFORMAT_MOVENCCENC_H
+#define AVFORMAT_MOVENCCENC_H
+
+#include "libavutil/aes_ctr.h"
+#include "avformat.h"
+#include "avio.h"
+
+#define CENC_KID_SIZE (16)
+
+struct MOVTrack;
+
+typedef struct {
+    struct AVAESCTR* aes_ctr;
+    uint8_t* auxiliary_info;
+    size_t auxiliary_info_size;
+    size_t auxiliary_info_alloc_size;
+    uint32_t auxiliary_info_entries;
+
+    /* subsample support */
+    int use_subsamples;
+    uint16_t subsample_count;
+    size_t auxiliary_info_subsample_start;
+    uint8_t* auxiliary_info_sizes;
+    size_t  auxiliary_info_sizes_alloc_size;
+} MOVMuxCencContext;
+
+/**
+ * Initialize a CENC context
+ * @param key encryption key, must have a length of AES_CTR_KEY_SIZE
+ * @param use_subsamples when enabled parts of a packet can be encrypted, otherwise the whole packet is encrypted
+ */
+int ff_mov_cenc_init(MOVMuxCencContext* ctx, uint8_t* encryption_key, int use_subsamples, int bitexact);
+
+/**
+ * Free a CENC context
+ */
+void ff_mov_cenc_free(MOVMuxCencContext* ctx);
+
+/**
+ * Write a fully encrypted packet
+ */
+int ff_mov_cenc_write_packet(MOVMuxCencContext* ctx, AVIOContext *pb, const uint8_t *buf_in, int size);
+
+/**
+ * Parse AVC NAL units from annex B format, the nal size and type are written in the clear while the body is encrypted
+ */
+int ff_mov_cenc_avc_parse_nal_units(MOVMuxCencContext* ctx, AVIOContext *pb, const uint8_t *buf_in, int size);
+
+/**
+ * Write AVC NAL units that are in MP4 format, the nal size and type are written in the clear while the body is encrypted
+ */
+int ff_mov_cenc_avc_write_nal_units(AVFormatContext *s, MOVMuxCencContext* ctx, int nal_length_size,
+    AVIOContext *pb, const uint8_t *buf_in, int size);
+
+/**
+ * Write the cenc atoms that should reside inside stbl
+ */
+void ff_mov_cenc_write_stbl_atoms(MOVMuxCencContext* ctx, AVIOContext *pb);
+
+/**
+ * Write the sinf atom, contained inside stsd
+ */
+int ff_mov_cenc_write_sinf_tag(struct MOVTrack* track, AVIOContext *pb, uint8_t* kid);
+
+#endif /* AVFORMAT_MOVENCCENC_H */