gstreamer/subprojects/gst-plugins-bad/ext/aes/gstaesdec.c
Jan Schmidt 452890093d aesdec: Fix padding removal for per-buffer-padding=FALSE
When per-buffer-padding is FALSE, the OpenSSL context needs
to be told to remove any padding at the end of the ciphertext

Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1243

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/3406>
2022-11-15 00:13:15 +11:00

624 lines
20 KiB
C

/*
* GStreamer gstreamer-aesdec
*
* Copyright, LCC (C) 2015 RidgeRun, LCC <carsten.behling@ridgerun.com>
* Copyright, LCC (C) 2016 RidgeRun, LCC <jose.jimenez@ridgerun.com>
* Copyright (C) 2020 Nice, Contact: Rabindra Harlalka <Rabindra.Harlalka@nice.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*
* Alternatively, the contents of this file may be used under the
* GNU Lesser General Public License Version 2.1 (the "LGPL"), in
* which case the following provisions apply instead of the ones
* mentioned above:
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1335, USA.
*/
/**
* SECTION:element-aesdec
*
* AES decryption
*
* ## Example
*
* |[
* echo "This is an AES crypto test ... " > plain.txt && \
* gst-launch-1.0 filesrc location=plain.txt ! \
* aesenc key=1f9423681beb9a79215820f6bda73d0f iv=e9aa8e834d8d70b7e0d254ff670dd718 ! \
* aesdec key=1f9423681beb9a79215820f6bda73d0f iv=e9aa8e834d8d70b7e0d254ff670dd718 ! \
* filesink location=dec.txt && \
* cat dec.txt
*
* ]|
*
* Since: 1.20
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include <gst/gst.h>
#include <gst/base/gstbasetransform.h>
#include <string.h>
#include "gstaeshelper.h"
#include "gstaesdec.h"
GST_DEBUG_CATEGORY_STATIC (gst_aes_dec_debug);
#define GST_CAT_DEFAULT gst_aes_dec_debug
G_DEFINE_TYPE_WITH_CODE (GstAesDec, gst_aes_dec, GST_TYPE_BASE_TRANSFORM,
GST_DEBUG_CATEGORY_INIT (gst_aes_dec_debug, "aesdec", 0,
"aesdec AES decryption element")
);
GST_ELEMENT_REGISTER_DEFINE (aesdec, "aesdec", GST_RANK_PRIMARY,
GST_TYPE_AES_DEC);
static GstStaticPadTemplate sink_template = GST_STATIC_PAD_TEMPLATE ("sink",
GST_PAD_SINK,
GST_PAD_ALWAYS,
GST_STATIC_CAPS ("ANY")
);
static GstStaticPadTemplate src_template = GST_STATIC_PAD_TEMPLATE ("src",
GST_PAD_SRC,
GST_PAD_ALWAYS,
GST_STATIC_CAPS ("ANY")
);
static void gst_aes_dec_set_property (GObject * object, guint prop_id,
const GValue * value, GParamSpec * pspec);
static void gst_aes_dec_get_property (GObject * object, guint prop_id,
GValue * value, GParamSpec * pspec);
static GstFlowReturn gst_aes_dec_transform (GstBaseTransform * base,
GstBuffer * inbuf, GstBuffer * outbuf);
static GstFlowReturn gst_aes_dec_prepare_output_buffer (GstBaseTransform * base,
GstBuffer * inbuf, GstBuffer ** outbuf);
static gboolean
gst_aes_dec_sink_event (GstBaseTransform * base, GstEvent * event);
static gboolean gst_aes_dec_start (GstBaseTransform * base);
static gboolean gst_aes_dec_stop (GstBaseTransform * base);
/* aes_dec helper functions */
static gboolean gst_aes_dec_openssl_init (GstAesDec * filter);
static gboolean gst_aes_dec_init_cipher (GstAesDec * filter);
static void gst_aes_dec_finalize (GObject * object);
/* GObject vmethod implementations */
/* initialize class */
static void
gst_aes_dec_class_init (GstAesDecClass * klass)
{
GObjectClass *gobject_class;
GstElementClass *gstelement_class;
gobject_class = (GObjectClass *) klass;
gstelement_class = (GstElementClass *) klass;
gobject_class->set_property = gst_aes_dec_set_property;
gobject_class->get_property = gst_aes_dec_get_property;
gobject_class->finalize = gst_aes_dec_finalize;
gst_type_mark_as_plugin_api (GST_TYPE_AES_CIPHER, 0);
/**
* GstAesDec:cipher
*
* AES cipher mode (key length and mode)
* Currently, 128 and 256 bit keys are supported,
* in "cipher block chaining" (CBC) mode
*
* Since: 1.20
*/
g_object_class_install_property (gobject_class, PROP_CIPHER,
g_param_spec_enum ("cipher",
"Cipher",
"cipher mode",
GST_TYPE_AES_CIPHER, GST_AES_DEFAULT_CIPHER_MODE,
(G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS |
GST_PARAM_MUTABLE_READY)));
/**
* GstAesDec:serialize-iv
*
* If true, read initialization vector from first 16 bytes of first buffer
*
* Since: 1.20
*/
g_object_class_install_property (gobject_class, PROP_SERIALIZE_IV,
g_param_spec_boolean ("serialize-iv", "Serialize IV",
"Read initialization vector from first 16 bytes of first buffer",
GST_AES_DEFAULT_SERIALIZE_IV,
G_PARAM_READWRITE | GST_PARAM_MUTABLE_READY));
/**
* GstAesDec:per-buffer-padding
*
* If true, each buffer will be padded using PKCS7 padding
* If false, only the final buffer in the stream will be padded
* (by OpenSSL) using PKCS7
*
* Since: 1.20
*/
g_object_class_install_property (gobject_class, PROP_PER_BUFFER_PADDING,
g_param_spec_boolean ("per-buffer-padding", "Per buffer padding",
"If true, pad each buffer using PKCS7 padding scheme. Otherwise, only"
"pad final buffer",
GST_AES_PER_BUFFER_PADDING_DEFAULT,
G_PARAM_READWRITE | GST_PARAM_MUTABLE_READY));
/**
* GstAesDec:key
*
* AES encryption key (hexadecimal)
*
* Since: 1.20
*/
g_object_class_install_property (gobject_class, PROP_KEY,
g_param_spec_string ("key", "Key",
"AES encryption key (in hexadecimal). Length (in bytes) must be equivalent to "
"the number of bits in the key length : "
"16 bytes for AES 128 and 32 bytes for AES 256",
(gchar *) GST_AES_DEFAULT_KEY,
G_PARAM_READWRITE | GST_PARAM_MUTABLE_READY));
/**
* GstAesDec:iv
*
* AES encryption initialization vector (hexadecimal)
*
* Since: 1.20
*/
g_object_class_install_property (gobject_class, PROP_IV,
g_param_spec_string ("iv", "Iv",
"AES encryption initialization vector (in hexadecimal). "
"Length must equal AES block length (16 bytes)",
(gchar *) GST_AES_DEFAULT_IV,
G_PARAM_READWRITE | GST_PARAM_MUTABLE_READY));
gst_element_class_set_details_simple (gstelement_class,
"aesdec",
"Generic/Filter",
"AES buffer decryption",
"Rabindra Harlalka <Rabindra.Harlalka@nice.com>");
gst_element_class_add_pad_template (gstelement_class,
gst_static_pad_template_get (&src_template));
gst_element_class_add_pad_template (gstelement_class,
gst_static_pad_template_get (&sink_template));
GST_BASE_TRANSFORM_CLASS (klass)->transform =
GST_DEBUG_FUNCPTR (gst_aes_dec_transform);
GST_BASE_TRANSFORM_CLASS (klass)->prepare_output_buffer =
GST_DEBUG_FUNCPTR (gst_aes_dec_prepare_output_buffer);
GST_BASE_TRANSFORM_CLASS (klass)->start =
GST_DEBUG_FUNCPTR (gst_aes_dec_start);
GST_BASE_TRANSFORM_CLASS (klass)->sink_event =
GST_DEBUG_FUNCPTR (gst_aes_dec_sink_event);
GST_BASE_TRANSFORM_CLASS (klass)->stop = GST_DEBUG_FUNCPTR (gst_aes_dec_stop);
}
/* Initialize element
*/
static void
gst_aes_dec_init (GstAesDec * filter)
{
GST_INFO_OBJECT (filter, "Initializing plugin");
filter->cipher = GST_AES_DEFAULT_CIPHER_MODE;
filter->awaiting_first_buffer = TRUE;
filter->per_buffer_padding = GST_AES_PER_BUFFER_PADDING_DEFAULT;
g_mutex_init (&filter->decoder_lock);
}
static void
gst_aes_dec_finalize (GObject * object)
{
GstAesDec *filter = GST_AES_DEC (object);
g_mutex_clear (&filter->decoder_lock);
G_OBJECT_CLASS (gst_aes_dec_parent_class)->finalize (object);
}
static void
gst_aes_dec_set_property (GObject * object, guint prop_id,
const GValue * value, GParamSpec * pspec)
{
GstAesDec *filter = GST_AES_DEC (object);
g_mutex_lock (&filter->decoder_lock);
/* no property may be set after first output buffer is prepared */
if (filter->locked_properties) {
GST_WARNING_OBJECT (filter,
"Properties cannot be set once buffers begin flowing in element. Ignored");
goto cleanup;
}
switch (prop_id) {
case PROP_CIPHER:
filter->cipher = g_value_get_enum (value);
filter->evp_cipher =
EVP_get_cipherbyname (gst_aes_cipher_enum_to_string (filter->cipher));
GST_DEBUG_OBJECT (filter, "cipher: %s",
gst_aes_cipher_enum_to_string (filter->cipher));
break;
case PROP_SERIALIZE_IV:
filter->serialize_iv = g_value_get_boolean (value);
GST_DEBUG_OBJECT (filter, "serialize iv: %s",
filter->serialize_iv ? "TRUE" : "FALSE");
break;
case PROP_PER_BUFFER_PADDING:
filter->per_buffer_padding = g_value_get_boolean (value);
GST_DEBUG_OBJECT (filter, "Per buffer padding: %s",
filter->per_buffer_padding ? "TRUE" : "FALSE");
break;
case PROP_KEY:
{
guint hex_len = gst_aes_hexstring2bytearray (GST_ELEMENT (filter),
g_value_get_string (value), filter->key);
if (!hex_len) {
GST_ERROR_OBJECT (filter, "invalid key");
goto cleanup;
}
GST_DEBUG_OBJECT (filter, "key: %s", g_value_get_string (value));
}
break;
case PROP_IV:
{
gchar iv_string[2 * GST_AES_BLOCK_SIZE + 1];
guint hex_len = gst_aes_hexstring2bytearray (GST_ELEMENT (filter),
g_value_get_string (value), filter->iv);
if (hex_len != GST_AES_BLOCK_SIZE) {
GST_ERROR_OBJECT (filter, "invalid initialization vector");
goto cleanup;
}
GST_DEBUG_OBJECT (filter, "iv: %s",
gst_aes_bytearray2hexstring (filter->iv, iv_string,
GST_AES_BLOCK_SIZE));
}
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
cleanup:
g_mutex_unlock (&filter->decoder_lock);
}
static void
gst_aes_dec_get_property (GObject * object, guint prop_id,
GValue * value, GParamSpec * pspec)
{
GstAesDec *filter = GST_AES_DEC (object);
switch (prop_id) {
case PROP_CIPHER:
g_value_set_enum (value, filter->cipher);
break;
case PROP_SERIALIZE_IV:
g_value_set_boolean (value, filter->serialize_iv);
break;
case PROP_PER_BUFFER_PADDING:
g_value_set_boolean (value, filter->per_buffer_padding);
break;
case PROP_KEY:
g_value_set_string (value, (gchar *) filter->key);
break;
case PROP_IV:
g_value_set_string (value, (gchar *) filter->iv);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static gboolean
gst_aes_dec_sink_event (GstBaseTransform * base, GstEvent * event)
{
GstAesDec *filter = GST_AES_DEC (base);
g_mutex_lock (&filter->decoder_lock);
if (GST_EVENT_TYPE (event) == GST_EVENT_EOS) {
GST_DEBUG_OBJECT (filter, "Received EOS on sink pad");
if (!filter->per_buffer_padding && !filter->awaiting_first_buffer) {
GstBuffer *outbuf = NULL;
gint len;
GstMapInfo outmap;
outbuf = gst_buffer_new_allocate (NULL, EVP_MAX_BLOCK_LENGTH, NULL);
if (outbuf == NULL) {
GST_DEBUG_OBJECT (filter,
"Failed to allocate a new buffer of length %d",
EVP_MAX_BLOCK_LENGTH);
goto buffer_fail;
}
if (!gst_buffer_map (outbuf, &outmap, GST_MAP_WRITE)) {
GST_DEBUG_OBJECT (filter,
"gst_buffer_map on outbuf failed for final buffer.");
gst_buffer_unref (outbuf);
goto buffer_fail;
}
if (1 != EVP_CipherFinal_ex (filter->evp_ctx, outmap.data, &len)) {
GST_DEBUG_OBJECT (filter, "Could not finalize openssl encryption");
gst_buffer_unmap (outbuf, &outmap);
gst_buffer_unref (outbuf);
goto cipher_fail;
}
if (len == 0) {
GST_DEBUG_OBJECT (filter, "Not pushing final buffer as length is 0");
gst_buffer_unmap (outbuf, &outmap);
gst_buffer_unref (outbuf);
goto out;
}
GST_DEBUG_OBJECT (filter, "Pushing final buffer of length: %d", len);
gst_buffer_unmap (outbuf, &outmap);
gst_buffer_set_size (outbuf, len);
if (gst_pad_push (base->srcpad, outbuf) != GST_FLOW_OK) {
GST_DEBUG_OBJECT (filter, "Failed to push the final buffer");
goto push_fail;
}
} else {
GST_DEBUG_OBJECT (filter,
"Not pushing final buffer as we didn't have any input");
}
}
out:
g_mutex_unlock (&filter->decoder_lock);
return GST_BASE_TRANSFORM_CLASS (gst_aes_dec_parent_class)->sink_event (base,
event);
/* ERROR */
buffer_fail:
GST_ELEMENT_ERROR (filter, RESOURCE, FAILED, (NULL),
("Failed to allocate or map buffer for writing"));
g_mutex_unlock (&filter->decoder_lock);
return FALSE;
cipher_fail:
GST_ELEMENT_ERROR (filter, STREAM, FAILED, ("Cipher finalization failed."),
("Error while finalizing the stream"));
g_mutex_unlock (&filter->decoder_lock);
return FALSE;
push_fail:
GST_ELEMENT_ERROR (filter, CORE, PAD, (NULL),
("Failed to push the final buffer"));
g_mutex_unlock (&filter->decoder_lock);
return FALSE;
}
/* GstBaseTransform vmethod implementations */
static GstFlowReturn
gst_aes_dec_transform (GstBaseTransform * base,
GstBuffer * inbuf, GstBuffer * outbuf)
{
GstAesDec *filter = GST_AES_DEC (base);
GstFlowReturn ret = GST_FLOW_ERROR;
GstMapInfo inmap, outmap;
guchar *ciphertext;
gint ciphertext_len;
guchar *plaintext;
gint plaintext_len;
guint padding = 0;
if (!gst_buffer_map (inbuf, &inmap, GST_MAP_READ)) {
GST_ELEMENT_ERROR (filter, RESOURCE, FAILED, (NULL),
("Failed to map buffer for reading"));
goto cleanup;
}
if (!gst_buffer_map (outbuf, &outmap, GST_MAP_WRITE)) {
gst_buffer_unmap (inbuf, &inmap);
GST_ELEMENT_ERROR (filter, RESOURCE, FAILED, (NULL),
("Failed to map buffer for writing"));
goto cleanup;
}
/* DECRYPTING */
ciphertext = inmap.data;
ciphertext_len = gst_buffer_get_size (inbuf);
if (filter->awaiting_first_buffer) {
if (filter->serialize_iv) {
gchar iv_string[2 * GST_AES_BLOCK_SIZE + 1];
if (ciphertext_len < GST_AES_BLOCK_SIZE) {
GST_ELEMENT_ERROR (filter, RESOURCE, FAILED, (NULL),
("Cipher text too short"));
goto cleanup;
}
memcpy (filter->iv, ciphertext, GST_AES_BLOCK_SIZE);
GST_DEBUG_OBJECT (filter, "read serialized iv: %s",
gst_aes_bytearray2hexstring (filter->iv, iv_string,
GST_AES_BLOCK_SIZE));
ciphertext += GST_AES_BLOCK_SIZE;
ciphertext_len -= GST_AES_BLOCK_SIZE;
}
if (!gst_aes_dec_init_cipher (filter)) {
GST_ELEMENT_ERROR (filter, RESOURCE, FAILED, (NULL),
("Failed to initialize cipher"));
goto cleanup;
}
}
plaintext = outmap.data;
if (!EVP_CipherUpdate (filter->evp_ctx, plaintext,
&plaintext_len, ciphertext, ciphertext_len)) {
GST_ELEMENT_ERROR (filter, STREAM, FAILED, ("Cipher update failed."),
("Error while updating openssl cipher"));
goto cleanup;
} else {
if (filter->per_buffer_padding) {
gint k;
/* sanity check on padding value */
padding = plaintext[plaintext_len - 1];
if (padding == 0 || padding > GST_AES_BLOCK_SIZE) {
GST_ELEMENT_ERROR (filter, STREAM, FAILED, ("Corrupt cipher text."),
("Illegal PKCS7 padding value %d", padding));
goto cleanup;
}
for (k = 1; k < padding; ++k) {
if (plaintext[plaintext_len - 1 - k] != padding) {
GST_ELEMENT_ERROR (filter, STREAM, FAILED, ("Corrupt cipher text."),
("PKCS7 padding values must all be equal"));
goto cleanup;
}
}
/* remove padding (final block padding) */
plaintext_len -= padding;
}
if (plaintext_len > 2 * GST_AES_BLOCK_SIZE)
GST_MEMDUMP ("First 32 bytes of plain text", plaintext,
2 * GST_AES_BLOCK_SIZE);
}
gst_buffer_unmap (inbuf, &inmap);
gst_buffer_unmap (outbuf, &outmap);
GST_LOG_OBJECT (filter,
"Ciphertext len: %d, Plaintext len: %d, Padding: %d",
ciphertext_len, plaintext_len, padding);
gst_buffer_set_size (outbuf, plaintext_len);
ret = GST_FLOW_OK;
cleanup:
filter->awaiting_first_buffer = FALSE;
return ret;
}
static GstFlowReturn
gst_aes_dec_prepare_output_buffer (GstBaseTransform * base,
GstBuffer * inbuf, GstBuffer ** outbuf)
{
GstAesDec *filter = GST_AES_DEC (base);
GstBaseTransformClass *bclass = GST_BASE_TRANSFORM_GET_CLASS (base);
guint out_size;
g_mutex_lock (&filter->decoder_lock);
filter->locked_properties = TRUE;
/* we need extra space at end of output buffer
* when we let OpenSSL handle PKCS7 padding */
out_size = (gint) gst_buffer_get_size (inbuf) +
(!filter->per_buffer_padding ? GST_AES_BLOCK_SIZE : 0);
/* Since serialized IV is stripped from first buffer,
* reduce output buffer size by GST_AES_BLOCK_SIZE in this case */
if (filter->serialize_iv && filter->awaiting_first_buffer) {
g_assert (gst_buffer_get_size (inbuf) > GST_AES_BLOCK_SIZE);
out_size -= GST_AES_BLOCK_SIZE;
}
g_mutex_unlock (&filter->decoder_lock);
*outbuf = gst_buffer_new_allocate (NULL, out_size, NULL);
GST_LOG_OBJECT (filter,
"Input buffer size %d,\nAllocating output buffer size: %d",
(gint) gst_buffer_get_size (inbuf), out_size);
bclass->copy_metadata (base, inbuf, *outbuf);
return GST_FLOW_OK;
}
static gboolean
gst_aes_dec_start (GstBaseTransform * base)
{
GstAesDec *filter = GST_AES_DEC (base);
GST_INFO_OBJECT (filter, "Starting");
if (!gst_aes_dec_openssl_init (filter)) {
GST_ERROR_OBJECT (filter, "OpenSSL initialization failed");
return FALSE;
}
if (!filter->serialize_iv) {
if (!gst_aes_dec_init_cipher (filter))
return FALSE;
}
GST_INFO_OBJECT (filter, "Start successful");
return TRUE;
}
static gboolean
gst_aes_dec_init_cipher (GstAesDec * filter)
{
if (!EVP_CipherInit_ex (filter->evp_ctx, filter->evp_cipher, NULL,
filter->key, filter->iv, FALSE)) {
GST_ERROR_OBJECT (filter, "Could not initialize openssl cipher");
return FALSE;
}
if (!EVP_CIPHER_CTX_set_padding (filter->evp_ctx,
filter->per_buffer_padding ? 0 : 1)) {
GST_ERROR_OBJECT (filter, "Could not set padding");
return FALSE;
}
return TRUE;
}
static gboolean
gst_aes_dec_stop (GstBaseTransform * base)
{
GstAesDec *filter = GST_AES_DEC (base);
GST_INFO_OBJECT (filter, "Stopping");
EVP_CIPHER_CTX_free (filter->evp_ctx);
return TRUE;
}
/* AesDec helper functions */
static gboolean
gst_aes_dec_openssl_init (GstAesDec * filter)
{
GST_DEBUG_OBJECT (filter, "Initializing with %s",
OpenSSL_version (OPENSSL_VERSION));
filter->evp_cipher =
EVP_get_cipherbyname (gst_aes_cipher_enum_to_string (filter->cipher));
if (!filter->evp_cipher) {
GST_ERROR_OBJECT (filter, "Could not get cipher by name from openssl");
return FALSE;
}
if (!(filter->evp_ctx = EVP_CIPHER_CTX_new ()))
return FALSE;
GST_LOG_OBJECT (filter, "Initialization successful");
return TRUE;
}