[FFmpeg-devel] Encrypted SMPTE DC MXF - additional UL needed to unpack EKLV packet

We had an issue where ffmpeg was unable to unpack the EKLV of an encrypted 3D SMPTE DC MXF.

The patch adds the SMPTE UL for EKLV packets (060e2b34.02040101.0d010301.027e0100), to mxfdec.c in order to unpack an EKLV packet found within an Encrypted SMPTE Digital Cinema MXF.

Signed-off-by: Richard Ayres <richard.ayres@bydeluxe.com>
---
 libavformat/mxfdec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--
2.25.1

This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot be guaranteed.

On Fri, Sep 30, 2022 at 7:08 AM Richard Ayres
<Richard.Ayres@bydeluxe.com> wrote:
>
> We had an issue where ffmpeg was unable to unpack the EKLV of an encrypted 3D SMPTE DC MXF.
>
> The patch adds the SMPTE UL for EKLV packets (060e2b34.02040101.0d010301.027e0100), to mxfdec.c in order to unpack an EKLV packet found within an Encrypted SMPTE Digital Cinema MXF.
>
> Signed-off-by: Richard Ayres <richard.ayres@bydeluxe.com>
> ---
>  libavformat/mxfdec.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index badd2be224..ebd64b1c68 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -343,6 +343,7 @@ static const uint8_t mxf_apple_coll_prefix[]               = { 0x06,0x0e,0x2b,0x
>  /* complete keys to match */
>  static const uint8_t mxf_crypto_source_container_ul[]      = { 0x06,0x0e,0x2b,0x34,0x01,0x01,0x01,0x09,0x06,0x01,0x01,0x02,0x02,0x00,0x00,0x00 };
>  static const uint8_t mxf_encrypted_triplet_key[]           = { 0x06,0x0e,0x2b,0x34,0x02,0x04,0x01,0x07,0x0d,0x01,0x03,0x01,0x02,0x7e,0x01,0x00 };
> +static const uint8_t mxf_encrypted_triplet_smpte_key[]     = { 0x06,0x0e,0x2b,0x34,0x02,0x04,0x01,0x01,0x0d,0x01,0x03,0x01,0x02,0x7e,0x01,0x00 };
>  static const uint8_t mxf_encrypted_essence_container[]     = { 0x06,0x0e,0x2b,0x34,0x04,0x01,0x01,0x07,0x0d,0x01,0x03,0x01,0x02,0x0b,0x01,0x00 };
>  static const uint8_t mxf_sony_mpeg4_extradata[]            = { 0x06,0x0e,0x2b,0x34,0x04,0x01,0x01,0x01,0x0e,0x06,0x06,0x02,0x02,0x01,0x00,0x00 };
>  static const uint8_t mxf_ffv1_extradata[]                  = { 0x06,0x0e,0x2b,0x34,0x01,0x01,0x01,0x0e,0x04,0x01,0x06,0x0c,0x01,0x00,0x00,0x00 }; // FFV1InitializationMetadata
> @@ -3738,6 +3739,7 @@ static int mxf_read_header(AVFormatContext *s)
>          PRINT_KEY(s, "read header", klv.key);
>          av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset %#"PRIx64"\n", klv.length, klv.offset);
>          if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key) ||
> +            IS_KLV_KEY(klv.key, mxf_encrypted_triplet_smpte_key) ||

Calling one UL "mxf_encrypted_triplet_key" and the other
"mxf_encrypted_triplet_smpte_key" is misleading IMHO.

The only difference is the version byte, which should be ignored in
most, if not all, SMPTE UL comparisons.

I would instead use mxf_match_uid(), which ignores the version byte,
to compare the UL keys.


>              IS_KLV_KEY(klv.key, mxf_essence_element_key) ||
>              IS_KLV_KEY(klv.key, mxf_canopus_essence_element_key) ||
>              IS_KLV_KEY(klv.key, mxf_avid_essence_element_key) ||
> @@ -3983,7 +3985,8 @@ static int mxf_read_packet(AVFormatContext *s, AVPacket *pkt)
>              pos = klv.next_klv - klv.length;
>              PRINT_KEY(s, "read packet", klv.key);
>              av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset %#"PRIx64"\n", klv.length, klv.offset);
> -            if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key)) {
> +            if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key) ||
> +                IS_KLV_KEY(klv.key, mxf_encrypted_triplet_smpte_key)) {
>                  ret = mxf_decrypt_triplet(s, pkt, &klv);
>                  if (ret < 0) {
>                      av_log(s, AV_LOG_ERROR, "invalid encoded triplet\n");
> --
> 2.25.1
>
> This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot be guaranteed.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Thanks, Pierre-Anthony. I've updated the patch to remove the unnecessary UL and it's now using mxf_match_uid() to detect the EKLV packet.

Signed-off-by: Richard Ayres <richard.ayres@bydeluxe.com>
---
 libavformat/mxfdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index badd2be224..b1ab90f25f 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -3737,7 +3737,7 @@ static int mxf_read_header(AVFormatContext *s)

         PRINT_KEY(s, "read header", klv.key);
         av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset %#"PRIx64"\n", klv.length, klv.offset);
-        if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key) ||
+        if (mxf_match_uid(klv.key, mxf_encrypted_triplet_key, sizeof(mxf_encrypted_triplet_key)) ||
             IS_KLV_KEY(klv.key, mxf_essence_element_key) ||
             IS_KLV_KEY(klv.key, mxf_canopus_essence_element_key) ||
             IS_KLV_KEY(klv.key, mxf_avid_essence_element_key) ||
@@ -3983,7 +3983,7 @@ static int mxf_read_packet(AVFormatContext *s, AVPacket *pkt)
             pos = klv.next_klv - klv.length;
             PRINT_KEY(s, "read packet", klv.key);
             av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset %#"PRIx64"\n", klv.length, klv.offset);
-            if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key)) {
+            if (mxf_match_uid(klv.key, mxf_encrypted_triplet_key, sizeof(mxf_encrypted_triplet_key))) {
                 ret = mxf_decrypt_triplet(s, pkt, &klv);
                 if (ret < 0) {
                     av_log(s, AV_LOG_ERROR, "invalid encoded triplet\n");
--
2.25.1

mån 2022-10-03 klockan 11:47 +0000 skrev Richard Ayres:
> Thanks, Pierre-Anthony. I've updated the patch to remove the
> unnecessary UL and it's now using mxf_match_uid() to detect the EKLV
> packet.
> 
> Signed-off-by: Richard Ayres <richard.ayres@bydeluxe.com>
> ---
>  libavformat/mxfdec.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index badd2be224..b1ab90f25f 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -3737,7 +3737,7 @@ static int mxf_read_header(AVFormatContext *s)
> 
>          PRINT_KEY(s, "read header", klv.key);
>          av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset
> %#"PRIx64"\n", klv.length, klv.offset);
> -        if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key) ||
> +        if (mxf_match_uid(klv.key, mxf_encrypted_triplet_key,

Why do we have IS_KLV_KEY at all? I feel it is only appropriate in
cases where we have to deal with less-than-standard files, or if we
explicitly have to differentiate between different versions of relevant
specs.

Patch looks OK

/Tomas

On Tue, Oct 4, 2022 at 7:29 AM Tomas Härdin <git@haerdin.se> wrote:
>
> mån 2022-10-03 klockan 11:47 +0000 skrev Richard Ayres:
> > Thanks, Pierre-Anthony. I've updated the patch to remove the
> > unnecessary UL and it's now using mxf_match_uid() to detect the EKLV
> > packet.
> >
> > Signed-off-by: Richard Ayres <richard.ayres@bydeluxe.com>
> > ---
> >  libavformat/mxfdec.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index badd2be224..b1ab90f25f 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -3737,7 +3737,7 @@ static int mxf_read_header(AVFormatContext *s)
> >
> >          PRINT_KEY(s, "read header", klv.key);
> >          av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset
> > %#"PRIx64"\n", klv.length, klv.offset);
> > -        if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key) ||
> > +        if (mxf_match_uid(klv.key, mxf_encrypted_triplet_key,
>
> Why do we have IS_KLV_KEY at all? I feel it is only appropriate in
> cases where we have to deal with less-than-standard files, or if we
> explicitly have to differentiate between different versions of relevant
> specs.

SMPTE ULs should always be compared ignoring the version byte -- but
for exceptional cases.

mxf_match_uid() should probably be renamed mxf_match_ul() since a UID
can also be a UUID and.

>
> Patch looks OK

+1

>
> /Tomas
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

tis 2022-10-04 klockan 07:50 -0700 skrev Pierre-Anthony Lemieux:
> On Tue, Oct 4, 2022 at 7:29 AM Tomas Härdin <git@haerdin.se> wrote:
> > 
> > mån 2022-10-03 klockan 11:47 +0000 skrev Richard Ayres:
> > > Thanks, Pierre-Anthony. I've updated the patch to remove the
> > > unnecessary UL and it's now using mxf_match_uid() to detect the
> > > EKLV
> > > packet.
> > > 
> > > Signed-off-by: Richard Ayres <richard.ayres@bydeluxe.com>
> > > ---
> > >  libavformat/mxfdec.c | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > > index badd2be224..b1ab90f25f 100644
> > > --- a/libavformat/mxfdec.c
> > > +++ b/libavformat/mxfdec.c
> > > @@ -3737,7 +3737,7 @@ static int mxf_read_header(AVFormatContext
> > > *s)
> > > 
> > >          PRINT_KEY(s, "read header", klv.key);
> > >          av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset
> > > %#"PRIx64"\n", klv.length, klv.offset);
> > > -        if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key) ||
> > > +        if (mxf_match_uid(klv.key, mxf_encrypted_triplet_key,
> > 
> > Why do we have IS_KLV_KEY at all? I feel it is only appropriate in
> > cases where we have to deal with less-than-standard files, or if we
> > explicitly have to differentiate between different versions of
> > relevant
> > specs.
> 
> SMPTE ULs should always be compared ignoring the version byte -- but
> for exceptional cases.
> 
> mxf_match_uid() should probably be renamed mxf_match_ul() since a UID
> can also be a UUID and.

Oh yeah, UUIDs *must* be just memcpy()'d IIRC. Perhaps we should have
three functions to be extra explicit: mxf_match_ul(), mxf_match_uid()
and mxf_match_uuid()..

/Tomas

On Tue, Oct 4, 2022 at 7:59 AM Tomas Härdin <git@haerdin.se> wrote:
>
> tis 2022-10-04 klockan 07:50 -0700 skrev Pierre-Anthony Lemieux:
> > On Tue, Oct 4, 2022 at 7:29 AM Tomas Härdin <git@haerdin.se> wrote:
> > >
> > > mån 2022-10-03 klockan 11:47 +0000 skrev Richard Ayres:
> > > > Thanks, Pierre-Anthony. I've updated the patch to remove the
> > > > unnecessary UL and it's now using mxf_match_uid() to detect the
> > > > EKLV
> > > > packet.
> > > >
> > > > Signed-off-by: Richard Ayres <richard.ayres@bydeluxe.com>
> > > > ---
> > > >  libavformat/mxfdec.c | 4 ++--
> > > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > > > index badd2be224..b1ab90f25f 100644
> > > > --- a/libavformat/mxfdec.c
> > > > +++ b/libavformat/mxfdec.c
> > > > @@ -3737,7 +3737,7 @@ static int mxf_read_header(AVFormatContext
> > > > *s)
> > > >
> > > >          PRINT_KEY(s, "read header", klv.key);
> > > >          av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset
> > > > %#"PRIx64"\n", klv.length, klv.offset);
> > > > -        if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key) ||
> > > > +        if (mxf_match_uid(klv.key, mxf_encrypted_triplet_key,
> > >
> > > Why do we have IS_KLV_KEY at all? I feel it is only appropriate in
> > > cases where we have to deal with less-than-standard files, or if we
> > > explicitly have to differentiate between different versions of
> > > relevant
> > > specs.
> >
> > SMPTE ULs should always be compared ignoring the version byte -- but
> > for exceptional cases.
> >
> > mxf_match_uid() should probably be renamed mxf_match_ul() since a UID
> > can also be a UUID and.
>
> Oh yeah, UUIDs *must* be just memcpy()'d IIRC. Perhaps we should have
> three functions to be extra explicit: mxf_match_ul(), mxf_match_uid()
> and mxf_match_uuid()..

av_uuid_equal() already exists.

>
> /Tomas
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

mån 2022-10-03 klockan 11:47 +0000 skrev Richard Ayres:
> Thanks, Pierre-Anthony. I've updated the patch to remove the
> unnecessary UL and it's now using mxf_match_uid() to detect the EKLV
> packet.
> 
> Signed-off-by: Richard Ayres <richard.ayres@bydeluxe.com>
> ---
>  libavformat/mxfdec.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index badd2be224..b1ab90f25f 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -3737,7 +3737,7 @@ static int mxf_read_header(AVFormatContext *s)
> 
>          PRINT_KEY(s, "read header", klv.key);
>          av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset
> %#"PRIx64"\n", klv.length, klv.offset);
> -        if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key) ||
> +        if (mxf_match_uid(klv.key, mxf_encrypted_triplet_key,
> sizeof(mxf_encrypted_triplet_key)) ||
>              IS_KLV_KEY(klv.key, mxf_essence_element_key) ||
>              IS_KLV_KEY(klv.key, mxf_canopus_essence_element_key) ||
>              IS_KLV_KEY(klv.key, mxf_avid_essence_element_key) ||
> @@ -3983,7 +3983,7 @@ static int mxf_read_packet(AVFormatContext *s,
> AVPacket *pkt)
>              pos = klv.next_klv - klv.length;
>              PRINT_KEY(s, "read packet", klv.key);
>              av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset
> %#"PRIx64"\n", klv.length, klv.offset);
> -            if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key)) {
> +            if (mxf_match_uid(klv.key, mxf_encrypted_triplet_key,
> sizeof(mxf_encrypted_triplet_key))) {

Passes FATE. Will push later today

/Tomas

> > mån 2022-10-03 klockan 11:47 +0000 skrev Richard Ayres:
> > Thanks, Pierre-Anthony. I've updated the patch to remove the
> > unnecessary UL and it's now using mxf_match_uid() to detect the EKLV
> > packet.
> >
> > Signed-off-by: Richard Ayres <richard.ayres@bydeluxe.com>
> > ---
> >  libavformat/mxfdec.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index badd2be224..b1ab90f25f 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -3737,7 +3737,7 @@ static int mxf_read_header(AVFormatContext *s)
> >
> >          PRINT_KEY(s, "read header", klv.key);
> >          av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset
> > %#"PRIx64"\n", klv.length, klv.offset);
> > -        if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key) ||
> > +        if (mxf_match_uid(klv.key, mxf_encrypted_triplet_key,
> > sizeof(mxf_encrypted_triplet_key)) ||
> >              IS_KLV_KEY(klv.key, mxf_essence_element_key) ||
> >              IS_KLV_KEY(klv.key, mxf_canopus_essence_element_key) ||
> >              IS_KLV_KEY(klv.key, mxf_avid_essence_element_key) ||
> > @@ -3983,7 +3983,7 @@ static int mxf_read_packet(AVFormatContext *s,
> > AVPacket *pkt)
> >              pos = klv.next_klv - klv.length;
> >              PRINT_KEY(s, "read packet", klv.key);
> >              av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset
> > %#"PRIx64"\n", klv.length, klv.offset);
> > -            if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key)) {
> > +            if (mxf_match_uid(klv.key, mxf_encrypted_triplet_key,
> > sizeof(mxf_encrypted_triplet_key))) {
>
> Passes FATE. Will push later today
>
> /Tomas

Great. Thank you.
Richard Ayres
This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot be guaranteed.

ons 2022-10-05 klockan 14:18 +0000 skrev Richard Ayres:
> > > mån 2022-10-03 klockan 11:47 +0000 skrev Richard Ayres:
> > > Thanks, Pierre-Anthony. I've updated the patch to remove the
> > > unnecessary UL and it's now using mxf_match_uid() to detect the
> > > EKLV
> > > packet.
> > > 
> > > Signed-off-by: Richard Ayres <richard.ayres@bydeluxe.com>
> > > ---
> > >  libavformat/mxfdec.c | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > > index badd2be224..b1ab90f25f 100644
> > > --- a/libavformat/mxfdec.c
> > > +++ b/libavformat/mxfdec.c
> > > @@ -3737,7 +3737,7 @@ static int mxf_read_header(AVFormatContext
> > > *s)
> > > 
> > >          PRINT_KEY(s, "read header", klv.key);
> > >          av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset
> > > %#"PRIx64"\n", klv.length, klv.offset);
> > > -        if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key) ||
> > > +        if (mxf_match_uid(klv.key, mxf_encrypted_triplet_key,
> > > sizeof(mxf_encrypted_triplet_key)) ||
> > >              IS_KLV_KEY(klv.key, mxf_essence_element_key) ||
> > >              IS_KLV_KEY(klv.key, mxf_canopus_essence_element_key)
> > > ||
> > >              IS_KLV_KEY(klv.key, mxf_avid_essence_element_key) ||
> > > @@ -3983,7 +3983,7 @@ static int mxf_read_packet(AVFormatContext
> > > *s,
> > > AVPacket *pkt)
> > >              pos = klv.next_klv - klv.length;
> > >              PRINT_KEY(s, "read packet", klv.key);
> > >              av_log(s, AV_LOG_TRACE, "size %"PRIu64" offset
> > > %#"PRIx64"\n", klv.length, klv.offset);
> > > -            if (IS_KLV_KEY(klv.key, mxf_encrypted_triplet_key))
> > > {
> > > +            if (mxf_match_uid(klv.key,
> > > mxf_encrypted_triplet_key,
> > > sizeof(mxf_encrypted_triplet_key))) {
> > 
> > Passes FATE. Will push later today
> > 
> > /Tomas
> 
> Great. Thank you.

Pushed

/Tomas