FFmpeg
aes_ctr.c
Go to the documentation of this file.
1 /*
2  * AES-CTR cipher
3  * Copyright (c) 2015 Eran Kornblau <erankor at gmail dot com>
4  *
5  * This file is part of FFmpeg.
6  *
7  * FFmpeg is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * FFmpeg is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with FFmpeg; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20  */
21 
22 #include <string.h>
23 
24 #include "aes_ctr.h"
25 #include "aes.h"
26 #include "aes_internal.h"
27 #include "intreadwrite.h"
28 #include "macros.h"
29 #include "mem.h"
30 #include "random_seed.h"
31 
32 #define AES_BLOCK_SIZE (16)
33 
34 typedef struct AVAESCTR {
35  DECLARE_ALIGNED(8, uint8_t, counter)[AES_BLOCK_SIZE];
36  DECLARE_ALIGNED(8, uint8_t, encrypted_counter)[AES_BLOCK_SIZE];
37  int block_offset;
38  AVAES aes;
39 } AVAESCTR;
40 
41 struct AVAESCTR *av_aes_ctr_alloc(void)
42 {
43  return av_mallocz(sizeof(struct AVAESCTR));
44 }
45 
46 void av_aes_ctr_set_iv(struct AVAESCTR *a, const uint8_t* iv)
47 {
48  memcpy(a->counter, iv, AES_CTR_IV_SIZE);
49  memset(a->counter + AES_CTR_IV_SIZE, 0, sizeof(a->counter) - AES_CTR_IV_SIZE);
50  a->block_offset = 0;
51 }
52 
53 void av_aes_ctr_set_full_iv(struct AVAESCTR *a, const uint8_t* iv)
54 {
55  memcpy(a->counter, iv, sizeof(a->counter));
56  a->block_offset = 0;
57 }
58 
59 const uint8_t* av_aes_ctr_get_iv(struct AVAESCTR *a)
60 {
61  return a->counter;
62 }
63 
64 void av_aes_ctr_set_random_iv(struct AVAESCTR *a)
65 {
66  uint32_t iv[2];
67 
68  iv[0] = av_get_random_seed();
69  iv[1] = av_get_random_seed();
70 
71  av_aes_ctr_set_iv(a, (uint8_t*)iv);
72 }
73 
74 int av_aes_ctr_init(struct AVAESCTR *a, const uint8_t *key)
75 {
76  av_aes_init(&a->aes, key, 128, 0);
77 
78  memset(a->counter, 0, sizeof(a->counter));
79  a->block_offset = 0;
80 
81  return 0;
82 }
83 
84 void av_aes_ctr_free(struct AVAESCTR *a)
85 {
86  av_free(a);
87 }
88 
89 static inline void av_aes_ctr_increment_be64(uint8_t* counter)
90 {
91  uint64_t c = AV_RB64A(counter) + 1;
92  AV_WB64A(counter, c);
93 }
94 
95 void av_aes_ctr_increment_iv(struct AVAESCTR *a)
96 {
97  av_aes_ctr_increment_be64(a->counter);
98  memset(a->counter + AES_CTR_IV_SIZE, 0, sizeof(a->counter) - AES_CTR_IV_SIZE);
99  a->block_offset = 0;
100 }
101 
102 void av_aes_ctr_crypt(struct AVAESCTR *a, uint8_t *dst, const uint8_t *src, int count)
103 {
104  if (a->block_offset && count > 0) {
105  int left = FFMIN(count, AES_BLOCK_SIZE - a->block_offset);
106  for (int len = 0; len < left; len++)
107  dst[len] = src[len] ^ a->encrypted_counter[a->block_offset++];
108  a->block_offset &= AES_BLOCK_SIZE - 1;
109  dst += left;
110  src += left;
111  count -= left;
112  }
113 
114  while (count >= AES_BLOCK_SIZE) {
115  av_aes_crypt(&a->aes, a->encrypted_counter, a->counter, 1, NULL, 0);
116  av_aes_ctr_increment_be64(a->counter + 8);
117 #if HAVE_FAST_64BIT
118  for (int len = 0; len < AES_BLOCK_SIZE; len += 8)
119  AV_WN64(&dst[len], AV_RN64(&src[len]) ^ AV_RN64A(&a->encrypted_counter[len]));
120 #else
121  for (int len = 0; len < AES_BLOCK_SIZE; len += 4)
122  AV_WN32(&dst[len], AV_RN32(&src[len]) ^ AV_RN32A(&a->encrypted_counter[len]));
123 #endif
124  dst += AES_BLOCK_SIZE;
125  src += AES_BLOCK_SIZE;
126  count -= AES_BLOCK_SIZE;
127  }
128 
129  if (count > 0) {
130  av_aes_crypt(&a->aes, a->encrypted_counter, a->counter, 1, NULL, 0);
131  av_aes_ctr_increment_be64(a->counter + 8);
132  for (int len = 0; len < count; len++)
133  dst[len] = src[len] ^ a->encrypted_counter[a->block_offset++];
134  }
135 }
av_aes_init
int av_aes_init(AVAES *a, const uint8_t *key, int key_bits, int decrypt)
Initialize an AVAES context.
Definition: aes.c:231
AVAESCTR::block_offset
int block_offset
Definition: aes_ctr.c:37
AV_RN64
#define AV_RN64(p)
Definition: intreadwrite.h:364
av_aes_ctr_set_random_iv
void av_aes_ctr_set_random_iv(struct AVAESCTR *a)
Generate a random iv.
Definition: aes_ctr.c:64
av_get_random_seed
uint32_t av_get_random_seed(void)
Get a seed to use in conjunction with random functions.
Definition: random_seed.c:196
macros.h
AV_RB64A
#define AV_RB64A(p)
Definition: intreadwrite.h:589
intreadwrite.h
av_aes_ctr_get_iv
const uint8_t * av_aes_ctr_get_iv(struct AVAESCTR *a)
Get the current iv.
Definition: aes_ctr.c:59
AES_BLOCK_SIZE
#define AES_BLOCK_SIZE
Definition: aes_ctr.c:32
key
const char * key
Definition: hwcontext_opencl.c:189
AVAESCTR::aes
AVAES aes
Definition: aes_ctr.c:38
aes.h
NULL
#define NULL
Definition: coverity.c:32
av_aes_ctr_alloc
struct AVAESCTR * av_aes_ctr_alloc(void)
Allocate an AVAESCTR context.
Definition: aes_ctr.c:41
AV_RN32
#define AV_RN32(p)
Definition: intreadwrite.h:360
av_aes_crypt
void av_aes_crypt(AVAES *a, uint8_t *dst, const uint8_t *src, int count, uint8_t *iv, int decrypt)
Encrypt or decrypt a buffer using a previously initialized context.
Definition: aes.c:171
c
Undefined Behavior In the C some operations are like signed integer dereferencing freed accessing outside allocated Undefined Behavior must not occur in a C it is not safe even if the output of undefined operations is unused The unsafety may seem nit picking but Optimizing compilers have in fact optimized code on the assumption that no undefined Behavior occurs Optimizing code based on wrong assumptions can and has in some cases lead to effects beyond the output of computations The signed integer overflow problem in speed critical code Code which is highly optimized and works with signed integers sometimes has the problem that often the output of the computation does not c
Definition: undefined.txt:32
AV_WB64A
#define AV_WB64A(p, v)
Definition: intreadwrite.h:592
av_aes_ctr_init
int av_aes_ctr_init(struct AVAESCTR *a, const uint8_t *key)
Initialize an AVAESCTR context.
Definition: aes_ctr.c:74
DECLARE_ALIGNED
#define DECLARE_ALIGNED(n, t, v)
Definition: mem_internal.h:104
AV_WN32
#define AV_WN32(p, v)
Definition: intreadwrite.h:372
dst
uint8_t ptrdiff_t const uint8_t ptrdiff_t int intptr_t intptr_t int int16_t * dst
Definition: dsp.h:87
av_aes_ctr_set_iv
void av_aes_ctr_set_iv(struct AVAESCTR *a, const uint8_t *iv)
Forcefully change the 8-byte iv.
Definition: aes_ctr.c:46
av_aes_ctr_set_full_iv
void av_aes_ctr_set_full_iv(struct AVAESCTR *a, const uint8_t *iv)
Forcefully change the "full" 16-byte iv, including the counter.
Definition: aes_ctr.c:53
AV_RN64A
#define AV_RN64A(p)
Definition: intreadwrite.h:526
aes_ctr.h
AVAESCTR::encrypted_counter
uint8_t encrypted_counter[AES_BLOCK_SIZE]
Definition: aes_ctr.c:36
a
The reader does not expect b to be semantically here and if the code is changed by maybe adding a a division or other the signedness will almost certainly be mistaken To avoid this confusion a new type was SUINT is the C unsigned type but it holds a signed int to use the same example SUINT a
Definition: undefined.txt:41
aes_internal.h
av_aes_ctr_free
void av_aes_ctr_free(struct AVAESCTR *a)
Release an AVAESCTR context.
Definition: aes_ctr.c:84
FFMIN
#define FFMIN(a, b)
Definition: macros.h:49
av_mallocz
void * av_mallocz(size_t size)
Allocate a memory block with alignment suitable for all memory accesses (including vectors if availab...
Definition: mem.c:256
len
int len
Definition: vorbis_enc_data.h:426
AV_RN32A
#define AV_RN32A(p)
Definition: intreadwrite.h:522
AVAES
Definition: aes_internal.h:34
left
Tag MUST be and< 10hcoeff half pel interpolation filter coefficients, hcoeff[0] are the 2 middle coefficients[1] are the next outer ones and so on, resulting in a filter like:...eff[2], hcoeff[1], hcoeff[0], hcoeff[0], hcoeff[1], hcoeff[2] ... the sign of the coefficients is not explicitly stored but alternates after each coeff and coeff[0] is positive, so ...,+,-,+,-,+,+,-,+,-,+,... hcoeff[0] is not explicitly stored but found by subtracting the sum of all stored coefficients with signs from 32 hcoeff[0]=32 - hcoeff[1] - hcoeff[2] - ... a good choice for hcoeff and htaps is htaps=6 hcoeff={40,-10, 2} an alternative which requires more computations at both encoder and decoder side and may or may not be better is htaps=8 hcoeff={42,-14, 6,-2}ref_frames minimum of the number of available reference frames and max_ref_frames for example the first frame after a key frame always has ref_frames=1spatial_decomposition_type wavelet type 0 is a 9/7 symmetric compact integer wavelet 1 is a 5/3 symmetric compact integer wavelet others are reserved stored as delta from last, last is reset to 0 if always_reset||keyframeqlog quality(logarithmic quantizer scale) stored as delta from last, last is reset to 0 if always_reset||keyframemv_scale stored as delta from last, last is reset to 0 if always_reset||keyframe FIXME check that everything works fine if this changes between framesqbias dequantization bias stored as delta from last, last is reset to 0 if always_reset||keyframeblock_max_depth maximum depth of the block tree stored as delta from last, last is reset to 0 if always_reset||keyframequant_table quantization tableHighlevel bitstream structure:==============================--------------------------------------------|Header|--------------------------------------------|------------------------------------|||Block0||||split?||||yes no||||......... intra?||||:Block01 :yes no||||:Block02 :....... ..........||||:Block03 ::y DC ::ref index:||||:Block04 ::cb DC ::motion x :||||......... :cr DC ::motion y :||||....... ..........|||------------------------------------||------------------------------------|||Block1|||...|--------------------------------------------|------------ ------------ ------------|||Y subbands||Cb subbands||Cr subbands||||--- ---||--- ---||--- ---|||||LL0||HL0||||LL0||HL0||||LL0||HL0|||||--- ---||--- ---||--- ---||||--- ---||--- ---||--- ---|||||LH0||HH0||||LH0||HH0||||LH0||HH0|||||--- ---||--- ---||--- ---||||--- ---||--- ---||--- ---|||||HL1||LH1||||HL1||LH1||||HL1||LH1|||||--- ---||--- ---||--- ---||||--- ---||--- ---||--- ---|||||HH1||HL2||||HH1||HL2||||HH1||HL2|||||...||...||...|||------------ ------------ ------------|--------------------------------------------Decoding process:=================------------|||Subbands|------------||||------------|Intra DC||||LL0 subband prediction ------------|\ Dequantization ------------------- \||Reference frames|\ IDWT|------- -------|Motion \|||Frame 0||Frame 1||Compensation . OBMC v -------|------- -------|--------------. \------> Frame n output Frame Frame<----------------------------------/|...|------------------- Range Coder:============Binary Range Coder:------------------- The implemented range coder is an adapted version based upon "Range encoding: an algorithm for removing redundancy from a digitised message." by G. N. N. Martin. The symbols encoded by the Snow range coder are bits(0|1). The associated probabilities are not fix but change depending on the symbol mix seen so far. bit seen|new state ---------+----------------------------------------------- 0|256 - state_transition_table[256 - old_state];1|state_transition_table[old_state];state_transition_table={ 0, 0, 0, 0, 0, 0, 0, 0, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 190, 191, 192, 194, 194, 195, 196, 197, 198, 199, 200, 201, 202, 202, 204, 205, 206, 207, 208, 209, 209, 210, 211, 212, 213, 215, 215, 216, 217, 218, 219, 220, 220, 222, 223, 224, 225, 226, 227, 227, 229, 229, 230, 231, 232, 234, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 248, 0, 0, 0, 0, 0, 0, 0};FIXME Range Coding of integers:------------------------- FIXME Neighboring Blocks:===================left and top are set to the respective blocks unless they are outside of the image in which case they are set to the Null block top-left is set to the top left block unless it is outside of the image in which case it is set to the left block if this block has no larger parent block or it is at the left side of its parent block and the top right block is not outside of the image then the top right block is used for top-right else the top-left block is used Null block y, cb, cr are 128 level, ref, mx and my are 0 Motion Vector Prediction:=========================1. the motion vectors of all the neighboring blocks are scaled to compensate for the difference of reference frames scaled_mv=(mv *(256 *(current_reference+1)/(mv.reference+1))+128)> the median of the scaled left
Definition: snow.txt:386
random_seed.h
AVAESCTR::counter
uint8_t counter[AES_BLOCK_SIZE]
Definition: aes_ctr.c:35
av_aes_ctr_increment_iv
void av_aes_ctr_increment_iv(struct AVAESCTR *a)
Increment the top 64 bit of the iv (performed after each frame)
Definition: aes_ctr.c:95
av_aes_ctr_crypt
void av_aes_ctr_crypt(struct AVAESCTR *a, uint8_t *dst, const uint8_t *src, int count)
Process a buffer using a previously initialized context.
Definition: aes_ctr.c:102
mem.h
av_free
#define av_free(p)
Definition: tableprint_vlc.h:34
AES_CTR_IV_SIZE
#define AES_CTR_IV_SIZE
Definition: aes_ctr.h:36
AV_WN64
#define AV_WN64(p, v)
Definition: intreadwrite.h:376
av_aes_ctr_increment_be64
static void av_aes_ctr_increment_be64(uint8_t *counter)
Definition: aes_ctr.c:89
AVAESCTR
Definition: aes_ctr.c:34
src
#define src
Definition: vp8dsp.c:248
Generated on Fri Sep 12 2025 19:23:34 for FFmpeg by   doxygen 1.8.17