CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/maven-org-bytedeco--ffmpeg

JavaCPP bindings for FFmpeg multimedia framework providing comprehensive Java access to audio/video encoding, decoding, filtering, and format conversion

Pending
Overview
Eval results
Files

cryptographic-security.mddocs/

Cryptographic and Security Features

Cryptographic functions and security features for multimedia data protection, including AES encryption, hash functions, and media content encryption support.

Capabilities

AES Encryption/Decryption

AES Context Management

/**
 * Get size of AVAES context structure
 * @return Size in bytes required for AES context
 */
int av_aes_size();

/**
 * Allocate AES context
 * @return New AES context or null on failure
 */
AVAES av_aes_alloc();

/**
 * Initialize AES context with key
 * @param a AES context to initialize
 * @param key Encryption key (16, 24, or 32 bytes)
 * @param key_bits Key size in bits (128, 192, or 256)
 * @param decrypt 0 for encryption, 1 for decryption
 * @return 0 on success, negative AVERROR on failure
 */
int av_aes_init(AVAES a, byte[] key, int key_bits, int decrypt);

Usage Example:

import org.bytedeco.ffmpeg.avutil.*;
import static org.bytedeco.ffmpeg.global.avutil.*;

// Create AES-256 encryption context
AVAES aesCtx = av_aes_alloc();
byte[] key = new byte[32]; // 256-bit key
// ... fill key with random data ...

int result = av_aes_init(aesCtx, key, 256, 0); // 0 = encrypt mode
if (result < 0) {
    throw new RuntimeException("Failed to initialize AES context");
}

// Use context for encryption operations
// ... cleanup when done

AES Encryption Operations

/**
 * Encrypt or decrypt data using AES
 * @param a Initialized AES context
 * @param dst Destination buffer for processed data
 * @param src Source data to process
 * @param count Number of 16-byte blocks to process
 * @param iv Initialization vector (16 bytes, modified during operation)
 * @param decrypt 0 for encryption, 1 for decryption
 */
void av_aes_crypt(AVAES a, byte[] dst, byte[] src, int count, byte[] iv, int decrypt);

Usage Example:

// Encrypt data using AES-256-CBC
byte[] plaintext = "This is secret data that needs encryption.".getBytes();
byte[] ciphertext = new byte[plaintext.length];
byte[] iv = new byte[16]; // Initialization vector
// ... fill IV with random data ...

// Pad plaintext to 16-byte boundary
int blockCount = (plaintext.length + 15) / 16;
byte[] paddedPlaintext = new byte[blockCount * 16];
System.arraycopy(plaintext, 0, paddedPlaintext, 0, plaintext.length);

// Encrypt
av_aes_crypt(aesCtx, ciphertext, paddedPlaintext, blockCount, iv, 0);
System.out.println("Data encrypted successfully");

AES-CTR Mode Encryption

AES-CTR Context Management

/**
 * Allocate AES-CTR context for counter mode encryption
 * @return New AES-CTR context or null on failure
 */
AVAESCTR av_aes_ctr_alloc();

/**
 * Initialize AES-CTR context
 * @param a AES-CTR context to initialize
 * @param key Encryption key (16 bytes for AES-128)
 * @return 0 on success, negative AVERROR on failure
 */
int av_aes_ctr_init(AVAESCTR a, byte[] key);

/**
 * Encrypt/decrypt data using AES-CTR mode
 * @param a Initialized AES-CTR context
 * @param dst Destination buffer
 * @param src Source data
 * @param size Number of bytes to process
 */
void av_aes_ctr_crypt(AVAESCTR a, byte[] dst, byte[] src, int size);

Usage Example:

// AES-CTR encryption (stream cipher mode)
AVAESCTR aesCtrCtx = av_aes_ctr_alloc();
byte[] ctrKey = new byte[16]; // 128-bit key for CTR mode
// ... fill key ...

int result = av_aes_ctr_init(aesCtrCtx, ctrKey);
if (result >= 0) {
    byte[] data = "Stream data for CTR encryption".getBytes();
    byte[] encrypted = new byte[data.length];
    
    // Encrypt (no padding needed in CTR mode)
    av_aes_ctr_crypt(aesCtrCtx, encrypted, data, data.length);
    
    // Decrypt (same operation in CTR mode)
    byte[] decrypted = new byte[data.length];
    av_aes_ctr_crypt(aesCtrCtx, decrypted, encrypted, encrypted.length);
    
    System.out.println("CTR mode encryption/decryption completed");
}

Hash Functions

Generic Hash API

/**
 * Allocate hash context for specified algorithm
 * @param ctx Pointer to store allocated context
 * @param name Hash algorithm name (e.g., "md5", "sha1", "sha256")
 * @return 0 on success, negative AVERROR on failure
 */
int av_hash_alloc(@ByPtrPtr AVHashContext ctx, String name);

/**
 * Get available hash algorithm names
 * @param i Index of hash algorithm (0-based)
 * @return Hash algorithm name or null if index out of range
 */
BytePointer av_hash_names(int i);

/**
 * Get hash algorithm name for context
 * @param ctx Hash context
 * @return Algorithm name
 */
BytePointer av_hash_get_name(AVHashContext ctx);

/**
 * Get hash output size for context
 * @param ctx Hash context
 * @return Hash size in bytes
 */
int av_hash_get_size(AVHashContext ctx);

Hash Operations

/**
 * Initialize hash context for new computation
 * @param ctx Hash context to initialize
 */
void av_hash_init(AVHashContext ctx);

/**
 * Update hash with input data
 * @param ctx Hash context
 * @param src Input data to hash
 * @param len Length of input data in bytes
 */
void av_hash_update(AVHashContext ctx, BytePointer src, int len);

/**
 * Finalize hash computation and get result
 * @param ctx Hash context
 * @param dst Buffer to store hash result
 */
void av_hash_final(AVHashContext ctx, BytePointer dst);

/**
 * Free hash context
 * @param ctx Hash context to free
 */
void av_hash_freep(@ByPtrPtr AVHashContext ctx);

Usage Example:

// Compute SHA-256 hash of data
AVHashContext hashCtx = new AVHashContext(null);
int result = av_hash_alloc(hashCtx, "sha256");

if (result >= 0) {
    try {
        // Initialize hash computation
        av_hash_init(hashCtx);
        
        // Hash input data
        byte[] data = "Data to be hashed".getBytes();
        BytePointer dataPtr = new BytePointer(data);
        av_hash_update(hashCtx, dataPtr, data.length);
        
        // Get hash result
        int hashSize = av_hash_get_size(hashCtx);
        BytePointer hashResult = new BytePointer(hashSize);
        av_hash_final(hashCtx, hashResult);
        
        // Convert to hex string
        StringBuilder hexHash = new StringBuilder();
        for (int i = 0; i < hashSize; i++) {
            hexHash.append(String.format("%02x", hashResult.get(i) & 0xFF));
        }
        System.out.println("SHA-256: " + hexHash.toString());
        
    } finally {
        av_hash_freep(hashCtx);
    }
}

SHA Hash Functions

Specialized SHA Operations

/**
 * Get size of AVSHA context structure
 * @return Size in bytes for SHA context
 */
int av_sha_size();

/**
 * Allocate SHA context
 * @return New SHA context or null on failure
 */
AVSHA av_sha_alloc();

/**
 * Initialize SHA context for specified bit length
 * @param context SHA context to initialize
 * @param bits Hash bit length (160, 224, 256, 384, or 512)
 * @return 0 on success, negative AVERROR on failure
 */
int av_sha_init(AVSHA context, int bits);

/**
 * Update SHA hash with input data
 * @param ctx SHA context
 * @param data Input data
 * @param len Data length in bytes
 */
void av_sha_update(AVSHA ctx, BytePointer data, int len);

/**
 * Finalize SHA computation
 * @param ctx SHA context
 * @param digest Output buffer for hash result
 */
void av_sha_final(AVSHA ctx, BytePointer digest);

MD5 Hash Functions

/**
 * Get size of AVMD5 context structure
 * @return Size in bytes for MD5 context
 */
int av_md5_size();

/**
 * Allocate MD5 context
 * @return New MD5 context or null on failure
 */
AVMD5 av_md5_alloc();

/**
 * Initialize MD5 context
 * @param ctx MD5 context to initialize
 */
void av_md5_init(AVMD5 ctx);

/**
 * Update MD5 hash with input data
 * @param ctx MD5 context
 * @param src Input data
 * @param len Data length in bytes
 */
void av_md5_update(AVMD5 ctx, BytePointer src, int len);

/**
 * Finalize MD5 computation
 * @param ctx MD5 context
 * @param dst Output buffer for 16-byte MD5 hash
 */
void av_md5_final(AVMD5 ctx, BytePointer dst);

Media Content Encryption

Encryption Metadata Structures

/**
 * Encryption information for media content
 */
class AVEncryptionInfo extends Pointer {
    // Encryption scheme identifier
    int scheme();
    
    // Encryption pattern for partial encryption
    int crypt_byte_block();
    int skip_byte_block();
    
    // Key identifier
    BytePointer key_id();
    int key_id_size();
    
    // Initialization vector
    BytePointer iv();
    int iv_size();
    
    // Subsample encryption information
    AVSubsampleEncryptionInfo subsample_encryption_info();
    int subsample_count();
}

/**
 * Initialization information for encrypted content
 */
class AVEncryptionInitInfo extends Pointer {
    // System identifier (16 bytes)
    BytePointer system_id();
    
    // Key ID information
    PointerPointer key_ids();
    int num_key_ids();
    
    // Initialization data
    BytePointer data();
    int data_size();
}

Usage Example:

// Access encryption metadata from encrypted media
AVEncryptionInfo encInfo = /* from media stream */;

if (encInfo != null) {
    System.out.println("Content is encrypted");
    System.out.println("Scheme: " + encInfo.scheme());
    System.out.println("Key ID size: " + encInfo.key_id_size());
    
    // Handle encrypted content appropriately
    if (encInfo.subsample_count() > 0) {
        System.out.println("Uses subsample encryption");
    }
}

Security Best Practices

Key Management

// Always use cryptographically secure random keys
SecureRandom random = new SecureRandom();
byte[] aesKey = new byte[32]; // 256-bit key
random.nextBytes(aesKey);

// Clear sensitive data after use
Arrays.fill(aesKey, (byte) 0);

Initialization Vectors

// Use unique, random IVs for each encryption operation
byte[] iv = new byte[16];
random.nextBytes(iv);

// IV can be stored/transmitted in plaintext with ciphertext

Hash Verification

// Verify data integrity using hash comparison
AVHashContext verifyCtx = new AVHashContext(null);
av_hash_alloc(verifyCtx, "sha256");

av_hash_init(verifyCtx);
av_hash_update(verifyCtx, dataPtr, dataLength);

BytePointer computedHash = new BytePointer(32);
av_hash_final(verifyCtx, computedHash);

// Compare with expected hash
boolean isValid = Arrays.equals(computedHash.getStringBytes(), expectedHash);

Algorithm Support

Available Hash Algorithms

  • MD5 - 128-bit hash (legacy, not recommended for security)
  • SHA-1 - 160-bit hash (legacy, not recommended for security)
  • SHA-224 - 224-bit SHA-2 hash
  • SHA-256 - 256-bit SHA-2 hash (recommended)
  • SHA-384 - 384-bit SHA-2 hash
  • SHA-512 - 512-bit SHA-2 hash
  • CRC32 - 32-bit cyclic redundancy check

Encryption Algorithms

  • AES-128/192/256 - Advanced Encryption Standard
  • AES-CTR - Counter mode for stream encryption
  • Integration with media encryption standards (Common Encryption, etc.)

Memory Management

Cryptographic contexts require explicit cleanup:

// Always free cryptographic contexts
AVAES aesCtx = av_aes_alloc();
try {
    // Use context
} finally {
    // Context is freed automatically by JavaCPP
    // but clear sensitive data explicitly
}

// For hash contexts, use av_hash_freep()
AVHashContext hashCtx = new AVHashContext(null);
try {
    av_hash_alloc(hashCtx, "sha256");
    // Use context
} finally {
    av_hash_freep(hashCtx);
}

Install with Tessl CLI

npx tessl i tessl/maven-org-bytedeco--ffmpeg

docs

audio-processing.md

codec-operations.md

command-line-tools.md

constants-enums.md

cryptographic-security.md

device-io.md

format-handling.md

hardware-acceleration.md

index.md

media-filtering.md

postproc.md

scaling-conversion.md

tile.json