PDF - Apple Developer

MPEG-2 Stream 

Encryption Format for 

HTTP Live Streaming

Contents 

1.0 Introduction 4 

2.0 Encryption 5 

2.1 Encryption Overview 5 

2.2 H.264 Video Streams 5 

2.3 Audio Streams 6 

2.3.1 General 6 

2.3.2 AAC Audio 6 

2.3.3 AC-3 Audio 7 

2.3.4 Audio Setup Information 8 

2.4 Other Stream Types 9 

3.0 Transport Stream Signaling 10 

4.0 References 11 

ISO/IEC 13818-1 11 

HTTP Live Streaming 11 

ISO/IEC 14496-10 11 

ISO/IEC 14496-3 11 

ETSI TS 102 366 v1.2.1 11 

ID3 tag version 2.4.0 11 

NIST Special Publication 800-38A 12 

Document Revision History 13 

2012-09-26 | © 2012 Apple Inc. All Rights Reserved. 

2

Listings 

2.0 Encryption 5 

Listing 1-1 Encryption of NAL Units 5 

Listing 1-2 Encryption of AAC Audio Frames 6 

Listing 1-3 Encryption of AC-3 Audio Frames 7 

Listing 1-4 Setup Information Format 8 


3

1.0 Introduction 

This document describes a sample-level encryption format for several types of elementary streams that can 

be carried in MPEG-2 Transport Streams “ISO/IEC 13818-1” (page 11) and MPEG Elementary Audio streams. 

This format is used by the HTTP Live Streaming “HTTP Live Streaming” (page 11) protocol. 

This document specifies: 

● How the media data of audio and video streams are encrypted. 

● How encrypted streams are identified in the transport stream. 

● How unencrypted audio setup information is carried. 


4

2.0 Encryption 

2.1 Encryption Overview 

For each encrypted stream type a protected block is identified, over which the protection process is performed. 

An audio stream protected block is typically a frame of audio; H.264 video protected blocks are the body of 

specific types of Network Adaptation Layer (NAL) Units. The encryption method defined by this specification 

protects certain contiguous sections of the audio or video stream within the protected blocks. 

Each section contains an integer number of 16-byte blocks that are encrypted using AES-128 Cipher Block 

Chaining (CBC) mode as specified in “NIST Special Publication 800-38A” (page 12). Cipher block chaining occurs 

within each protected block, and the initialization vector must be reset to its original value at the start of each 

new protected block. 

In video data, the first 16-byte block of the section and every tenth block thereafter must be encrypted. 

In audio data, all the 16-byte blocks must be encrypted. 

2.2 H.264 Video Streams 

H.264 (AVC) video encoding “ISO/IEC 14496-10” (page 11) must be used for video when this specification is 

in operation. Stream encryption is performed within each NAL unit, in byte-stream form using start codes, as 

detailed in Annex B of “ISO/IEC 14496-10” (page 11). 

NAL units of type 1 and type 5 must be encrypted to this specification; other NAL unit types must not be 

encrypted. Listing 1-1 shows the format of a NAL unit that contains encrypted data. 

Listing 1-1 Encryption of NAL Units 

Encrypted_NAL_Unit () { 

NAL_unit_type_byte // 1 byte 

unencrypted_leader // 31 bytes 

while (bytes_remaining() > 16) { 

} 

protected_block_one_in_ten // 16 bytes 

unencrypted_trailer // 1-16 bytes 


5


2.3 Audio Streams 

} 

Each NAL unit is formed with start code emulation prevention applied. The preceding start code is not part of 

the protected block and is not encrypted. 

The byte containing the nal_unit_type value, plus the 31 bytes that follow, are unencrypted. The next 

contiguous data section is protected. The size, in bytes, of the protected section must be a multiple of 16 and 

may be 0; therefore if a NAL unit has 48 or fewer bytes, that NAL unit is completely unencrypted. 

The protected section uses 10% skip encryption. Each 16-byte block of encrypted data is followed by nine 

16-byte blocks of unencrypted data. At the end of the NAL unit, there are between 1 and 16 unencrypted 

trailing bytes, inclusive. If any block is encrypted (because the NAL Unit’s length is 48 bytes or more), start code 

emulation prevention must again be applied over the entire NAL Unit, including the unencrypted sections. 

To encrypt an H.264 stream, first start with a byte stream that has had start code emulation prevention applied. 

NAL types 1 and 5 that have a length greater than 48 bytes must be protected as defined above, and then for 

those NAL Units only, start code emulation prevention must be re-applied over the entire NAL Unit. 

To decrypt an H.264 stream, NAL units of type 1 and type 5 must be identified and unprotected. For each NAL 

unit of either type, start code emulation prevention must be removed unless the NAL Unit’s length is 48 bytes 

or less. Then the NAL Unit’s encrypted section must be located and the data in that section must be decrypted. 

(The resulting bitstream can then be processed by a standard H.264 decoder.) 


2.3.1 General 

The encryption technology defined by this specification supports two audio formats: Advanced Audio Coding 

(AAC) “ISO/IEC 14496-3” (page 11) and AC-3 audio (formerly Dolby Digital) “ETSI TS 102 366 v1.2.1” (page 11). 

2.3.2 AAC Audio 

An AAC protected block is an audio frame that includes an Audio Data Transport Stream (ADTS) header, as 

shown in Listing 1-2. 

Listing 1-2 Encryption of AAC Audio Frames 

Encrypted_AAC_Frame () { 


6



} 

ADTS_Header // 7 or 9 bytes 


while (bytes_remaining() >= 16) { 

} 

protected_block // 16 bytes 


The ADTS header, which can be 7 or 9 bytes long, plus the first 16 bytes of the frame after it, are unencrypted. 

The contiguous data section that follows is encrypted. The size, in bytes, of the encrypted section must be an 

integer multiple of 16 and is possibly zero. The AAC frame ends with 0 to 15 unencrypted bytes. Start code 

emulation prevention is not performed on the encrypted frame. 

2.3.3 AC-3 Audio 

An AC-3 protected block is the full audio frame (a syncframe() as defined in “ETSI TS 102 366 v1.2.1” (page 

11)), as shown in Listing 1-3. 

Listing 1-3 Encryption of AC-3 Audio Frames 

Encrypted_AC3_Frame () { 

} 


while (bytes_remaining() >= 16) { 

} 

protected_block // 16 bytes 


The first 16 bytes, starting with the syncframe() header, are not encrypted. The contiguous data section that 

follows is encrypted. The AC-3 frame ends with 0 to 15 unencrypted bytes. Start code emulation prevention 

is not performed on the encrypted part of the frame. 


7



2.3.4 Audio Setup Information 

2.3.4.1 Introduction 

Unencrypted audio setup information must be supplied when a stream is encrypted in conformance with this 

specification. The big-endian setup information format is shown in Listing 1-4. 

Listing 1-4 Setup Information Format 

audio_setup_information() { 

} 

audio_type // 4 bytes 

priming // 2 bytes 

version // 1 byte 

setup_data_length // 1 byte 

setup_data // setup_data_length 

The first field is a 32-bit format identifier, followed by a 16-bit priming field and an 8-bit version field. This is 

followed by format-specific data: first an 8-bit value containing the length, in bytes, of the format-specific data 

and then the format-specific data itself in an array of bytes. The setup information must be packed, with no 

alignment padding. The size of the setup information is 8 bytes plus the size of the format-specific data. 

The field’s values are: 

● audio_type—as defined in the following sections; identifies the type of setup data carried. 

● priming—set to 0x0000 for AC-3. For AAC retrieve this value from the encoder, using the Apple encoding 

API. If a non-Apple encoder is used and does not provide a priming value, set to 0x0000. (This may lead 

to incorrect audio/video synchronization if the encoder has a different priming value than the value 

provided to the AAC decoder when the content is rendered.) 

● version—set to 0x01. 

● setup_data_length—the number of bytes in the following setup data. 

● setup_data—format-specific information, as defined in the following sections. 

2.4.3.2 AAC Setup 

Format identifiers: 

AAC-LC 

‘zaac’ 


8


2.4 Other Stream Types 

AAC-HEv1 

AAC-HEv2 

‘zach’ 

‘zacp’ 

The AAC format-specific setup information is the AudioSpecificConfig() value, as defined in Section 

1.6.2.1 of “ISO/IEC 14496-3” (page 11). (Note that this value is called DecoderSpecificInfo in MPEG-4). 

2.4.3.3 AC-3 Setup 

Format identifier: ‘zac3’ 

The AC-3 format-specific setup information is the first 10 bytes of the audio data (the syncframe()). This 

comprises the syncinfo() structure and the initial part of the bsi() structure, as defined in 5.3.1 and 5.3.2 

of “ETSI TS 102 366 v1.2.1” (page 11). 

2.4.3.4 Elementary Stream Setup 

Format identifier: ‘PRIV’ 

In elementary streams the audio setup information is carried inside an ID3 Private Frame, as defined in “ID3 

tag version 2.4.0” (page 11). The owner identifier is com.apple.streaming.audioDescription. 

2.4.3.5 Transport Stream Setup 

Format identifier: ‘apad’ 

In transport streams, the audio setup information is carried in a registration_descriptor(), as defined 

in “ISO/IEC 13818-1” (page 11), sections 2.6.8 and 2.6.9 and Table 2-45. 

2.4 Other Stream Types 

Stream types other than audio or video are not encrypted. 


9

3.0 Transport Stream Signaling 

Transport stream encryption must be signaled in the stream’s Program Map Table (PMT). The PMT must fit 

into a single transport stream packet; it must not be fragmented. The PMT is defined in “ISO/IEC 13818-1” (page 

11). 

To avoid colliding with existing names, new stream_type values have been defined for each stream type 

covered by this specification: 

H.264 Video 

AAC Audio 

AC-3 Audio 

The stream_type value in the PMT must be set to 0xdb. In the descriptor loop following 

the ES_info_length field, a private data indicator descriptor must be added with its 

big-endian private_data_indicator value set to 'zavc'. 

The stream_type value in the PMT must be set to 0xcf. In the descriptor loop following 


big-endian private_data_indicator set to 'aacd'. The AAC setup information listed 

in “2.3.4 Audio Setup Information” (page 8)) must be supplied in a Registration 

Descriptor. 

The stream_type value in the PMT must be set to 0xc1. In the descriptor loop following 


big-endian private_data_indicator set to 'ac3d'. The AC-3 setup information listed 

in “2.3.4 Audio Setup Information” (page 8)) must be supplied in a Registration 

Descriptor. 

The private data indicator descriptors listed above must be signaled in the descriptor loop following the 

ES_info_length field of the PMT, as defined in “ISO/IEC 13818-1” (page 11), section 2.6.28, table 2-58. 


10

4.0 References 

ISO/IEC 13818-1 

ISO/IEC 13818-1:2007 Information technology – Generic coding of moving pictures and associated audio infor- 

mation: Systems 

HTTP Live Streaming 

IETF Internet Draft draft-pantos-http-live-streaming “HTTP Live Streaming” 

ISO/IEC 14496-10 

ISO/IEC 14496-10:2012, Information technology – Coding of audio-visual objects – Part 10: Advanced Video 

Coding 

ISO/IEC 14496-3 

ISO/IEC 14496-3:2009 Information technology – Coding of audio-visual objects – Part 3: Audio 

ETSI TS 102 366 v1.2.1 

ETSI TS 102 366 v1.2.1 – Digital Audio Compression (AC-3, Enhanced AC-3) Standard 

ID3 tag version 2.4.0 

ID3 tag version 2.4.0 — Native Frames 


11

4.0 References 

NIST Special Publication 800-38A 

NIST Special Publication 800-38A 

Recommendation of Block Cipher Modes of Operation, NIST, NIST Special Publication 800-38A 


12

Document Revision History 

This table describes the changes to MPEG-2 Stream Encryption Format for HTTP Live Streaming . 

Date 

2012-09-26 

Notes 

New document describing encryption format into MPEG-2 transport 

streams as used in HTTP Live Streaming. 


13

Apple Inc. 

© 2012 Apple Inc. 

All rights reserved. 

No part of this publication may be reproduced, 

stored in a retrieval system, or transmitted, in any 

form or by any means, mechanical, electronic, 

photocopying, recording, or otherwise, without 

prior written permission of Apple Inc., with the 

following exceptions: Any person is hereby 

authorized to store documentation on a single 

computer for personal use only and to print 

copies of documentation for personal use 

provided that the documentation contains 

Apple’s copyright notice. 

No licenses, express or implied, are granted with 

respect to any of the technology described in this 

document. Apple retains all intellectual property 

rights associated with the technology described 

in this document. This document is intended to 

assist application developers to develop 

applications only for Apple-labeled computers. 

Apple Inc. 

1 Infinite Loop 

Cupertino, CA 95014 

408-996-1010 

Apple and the Apple logo are trademarks of 

Apple Inc., registered in the U.S. and other 

countries. 

Dolby is a trademark of Dolby Laboratories. 

iOS is a trademark or registered trademark of 

Cisco in the U.S. and other countries and is used 

under license. 

Even though Apple has reviewed this document, 

APPLE MAKES NO WARRANTY OR REPRESENTATION, 

EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS 

DOCUMENT, ITS QUALITY, ACCURACY, 

MERCHANTABILITY, OR FITNESS FOR A PARTICULAR 

PURPOSE. AS A RESULT, THIS DOCUMENT IS PROVIDED 

“AS IS,” AND YOU, THE READER, ARE ASSUMING THE 

ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. 

IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT, 

INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL 

DAMAGES RESULTING FROM ANY DEFECT OR 

INACCURACY IN THIS DOCUMENT, even if advised of 

the possibility of such damages. 

THE WARRANTY AND REMEDIES SET FORTH ABOVE 

ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL 

OR WRITTEN, EXPRESS OR IMPLIED. No Apple dealer, 

agent, or employee is authorized to make any 

modification, extension, or addition to this warranty. 

Some states do not allow the exclusion or limitation 

of implied warranties or liability for incidental or 

consequential damages, so the above limitation or 

exclusion may not apply to you. This warranty gives 

you specific legal rights, and you may also have other 

rights which vary from state to state.

PDF - Apple Developer

Create successful ePaper yourself

Delete template?

Save as template?