| Line | Branch | Exec | Source |
|---|---|---|---|
| 1 | /* | ||
| 2 | * AES-CTR cipher | ||
| 3 | * Copyright (c) 2015 Eran Kornblau <erankor at gmail dot com> | ||
| 4 | * | ||
| 5 | * This file is part of FFmpeg. | ||
| 6 | * | ||
| 7 | * FFmpeg is free software; you can redistribute it and/or | ||
| 8 | * modify it under the terms of the GNU Lesser General Public | ||
| 9 | * License as published by the Free Software Foundation; either | ||
| 10 | * version 2.1 of the License, or (at your option) any later version. | ||
| 11 | * | ||
| 12 | * FFmpeg is distributed in the hope that it will be useful, | ||
| 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
| 15 | * Lesser General Public License for more details. | ||
| 16 | * | ||
| 17 | * You should have received a copy of the GNU Lesser General Public | ||
| 18 | * License along with FFmpeg; if not, write to the Free Software | ||
| 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | ||
| 20 | */ | ||
| 21 | |||
| 22 | #include <string.h> | ||
| 23 | |||
| 24 | #include "aes_ctr.h" | ||
| 25 | #include "aes.h" | ||
| 26 | #include "aes_internal.h" | ||
| 27 | #include "intreadwrite.h" | ||
| 28 | #include "macros.h" | ||
| 29 | #include "mem.h" | ||
| 30 | #include "random_seed.h" | ||
| 31 | |||
| 32 | #define AES_BLOCK_SIZE (16) | ||
| 33 | |||
| 34 | typedef struct AVAESCTR { | ||
| 35 | DECLARE_ALIGNED(8, uint8_t, counter)[AES_BLOCK_SIZE]; | ||
| 36 | DECLARE_ALIGNED(8, uint8_t, encrypted_counter)[AES_BLOCK_SIZE]; | ||
| 37 | int block_offset; | ||
| 38 | AVAES aes; | ||
| 39 | } AVAESCTR; | ||
| 40 | |||
| 41 | 10 | struct AVAESCTR *av_aes_ctr_alloc(void) | |
| 42 | { | ||
| 43 | 10 | return av_mallocz(sizeof(struct AVAESCTR)); | |
| 44 | } | ||
| 45 | |||
| 46 | 2 | void av_aes_ctr_set_iv(struct AVAESCTR *a, const uint8_t* iv) | |
| 47 | { | ||
| 48 | 2 | memcpy(a->counter, iv, AES_CTR_IV_SIZE); | |
| 49 | 2 | memset(a->counter + AES_CTR_IV_SIZE, 0, sizeof(a->counter) - AES_CTR_IV_SIZE); | |
| 50 | 2 | a->block_offset = 0; | |
| 51 | 2 | } | |
| 52 | |||
| 53 | 294 | void av_aes_ctr_set_full_iv(struct AVAESCTR *a, const uint8_t* iv) | |
| 54 | { | ||
| 55 | 294 | memcpy(a->counter, iv, sizeof(a->counter)); | |
| 56 | 294 | a->block_offset = 0; | |
| 57 | 294 | } | |
| 58 | |||
| 59 | 2 | const uint8_t* av_aes_ctr_get_iv(struct AVAESCTR *a) | |
| 60 | { | ||
| 61 | 2 | return a->counter; | |
| 62 | } | ||
| 63 | |||
| 64 | 1 | void av_aes_ctr_set_random_iv(struct AVAESCTR *a) | |
| 65 | { | ||
| 66 | uint32_t iv[2]; | ||
| 67 | |||
| 68 | 1 | iv[0] = av_get_random_seed(); | |
| 69 | 1 | iv[1] = av_get_random_seed(); | |
| 70 | |||
| 71 | 1 | av_aes_ctr_set_iv(a, (uint8_t*)iv); | |
| 72 | 1 | } | |
| 73 | |||
| 74 | 10 | int av_aes_ctr_init(struct AVAESCTR *a, const uint8_t *key) | |
| 75 | { | ||
| 76 | 10 | av_aes_init(&a->aes, key, 128, 0); | |
| 77 | |||
| 78 | 10 | memset(a->counter, 0, sizeof(a->counter)); | |
| 79 | 10 | a->block_offset = 0; | |
| 80 | |||
| 81 | 10 | return 0; | |
| 82 | } | ||
| 83 | |||
| 84 | 980 | void av_aes_ctr_free(struct AVAESCTR *a) | |
| 85 | { | ||
| 86 | 980 | av_free(a); | |
| 87 | 980 | } | |
| 88 | |||
| 89 | 10374 | static inline void av_aes_ctr_increment_be64(uint8_t* counter) | |
| 90 | { | ||
| 91 | 10374 | uint64_t c = AV_RB64A(counter) + 1; | |
| 92 | 10374 | AV_WB64A(counter, c); | |
| 93 | 10374 | } | |
| 94 | |||
| 95 | ✗ | void av_aes_ctr_increment_iv(struct AVAESCTR *a) | |
| 96 | { | ||
| 97 | ✗ | av_aes_ctr_increment_be64(a->counter); | |
| 98 | ✗ | memset(a->counter + AES_CTR_IV_SIZE, 0, sizeof(a->counter) - AES_CTR_IV_SIZE); | |
| 99 | ✗ | a->block_offset = 0; | |
| 100 | ✗ | } | |
| 101 | |||
| 102 | 312 | void av_aes_ctr_crypt(struct AVAESCTR *a, uint8_t *dst, const uint8_t *src, int count) | |
| 103 | { | ||
| 104 |
3/4✓ Branch 0 taken 16 times.
✓ Branch 1 taken 296 times.
✓ Branch 2 taken 16 times.
✗ Branch 3 not taken.
|
312 | if (a->block_offset && count > 0) { |
| 105 | 16 | int left = FFMIN(count, AES_BLOCK_SIZE - a->block_offset); | |
| 106 |
2/2✓ Branch 0 taken 73 times.
✓ Branch 1 taken 16 times.
|
89 | for (int len = 0; len < left; len++) |
| 107 | 73 | dst[len] = src[len] ^ a->encrypted_counter[a->block_offset++]; | |
| 108 | 16 | a->block_offset &= AES_BLOCK_SIZE - 1; | |
| 109 | 16 | dst += left; | |
| 110 | 16 | src += left; | |
| 111 | 16 | count -= left; | |
| 112 | } | ||
| 113 | |||
| 114 |
2/2✓ Branch 0 taken 10132 times.
✓ Branch 1 taken 312 times.
|
10444 | while (count >= AES_BLOCK_SIZE) { |
| 115 | 10132 | av_aes_crypt(&a->aes, a->encrypted_counter, a->counter, 1, NULL, 0); | |
| 116 | 10132 | av_aes_ctr_increment_be64(a->counter + 8); | |
| 117 | #if HAVE_FAST_64BIT | ||
| 118 |
2/2✓ Branch 0 taken 20264 times.
✓ Branch 1 taken 10132 times.
|
30396 | for (int len = 0; len < AES_BLOCK_SIZE; len += 8) |
| 119 | 20264 | AV_WN64(&dst[len], AV_RN64(&src[len]) ^ AV_RN64A(&a->encrypted_counter[len])); | |
| 120 | #else | ||
| 121 | for (int len = 0; len < AES_BLOCK_SIZE; len += 4) | ||
| 122 | AV_WN32(&dst[len], AV_RN32(&src[len]) ^ AV_RN32A(&a->encrypted_counter[len])); | ||
| 123 | #endif | ||
| 124 | 10132 | dst += AES_BLOCK_SIZE; | |
| 125 | 10132 | src += AES_BLOCK_SIZE; | |
| 126 | 10132 | count -= AES_BLOCK_SIZE; | |
| 127 | } | ||
| 128 | |||
| 129 |
2/2✓ Branch 0 taken 242 times.
✓ Branch 1 taken 70 times.
|
312 | if (count > 0) { |
| 130 | 242 | av_aes_crypt(&a->aes, a->encrypted_counter, a->counter, 1, NULL, 0); | |
| 131 | 242 | av_aes_ctr_increment_be64(a->counter + 8); | |
| 132 |
2/2✓ Branch 0 taken 1985 times.
✓ Branch 1 taken 242 times.
|
2227 | for (int len = 0; len < count; len++) |
| 133 | 1985 | dst[len] = src[len] ^ a->encrypted_counter[a->block_offset++]; | |
| 134 | } | ||
| 135 | 312 | } | |
| 136 |