diff mbox

[FFmpeg-devel,V4,2/2] lavf/libsrt: enable other encryption parameters

Message ID 1575468746-24718-3-git-send-email-mypopydev@gmail.com
State New
Headers show

Commit Message

Jun Zhao Dec. 4, 2019, 2:12 p.m. UTC
From: Jun Zhao <barryjzhao@tencent.com>

Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/
SRTO_KMPREANNOUNCE for srt encryption control.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
---
 doc/protocols.texi   |   20 ++++++++++++++++++++
 libavformat/libsrt.c |   18 ++++++++++++++++++
 2 files changed, 38 insertions(+), 0 deletions(-)

Comments

Marton Balint Dec. 14, 2019, 8:48 p.m. UTC | #1
On Wed, 4 Dec 2019, Jun Zhao wrote:

> From: Jun Zhao <barryjzhao@tencent.com>
>
> Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/
> SRTO_KMPREANNOUNCE for srt encryption control.
>
> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
> ---
> doc/protocols.texi   |   20 ++++++++++++++++++++
> libavformat/libsrt.c |   18 ++++++++++++++++++
> 2 files changed, 38 insertions(+), 0 deletions(-)
>
> diff --git a/doc/protocols.texi b/doc/protocols.texi
> index 886c3b8..d2935fc 100644
> --- a/doc/protocols.texi
> +++ b/doc/protocols.texi
> @@ -1282,6 +1282,26 @@ only if @option{pbkeylen} is non-zero. It is used on
> the receiver only if the received data is encrypted.
> The configured passphrase cannot be recovered (write-only).
> 
> +@item enforced_encryption=@var{1|0}
> +If true, both connection parties must have the same password
> +set (including empty, that is, with no encryption). If the
> +password doesn't match or only one side is unencrypted,
> +the connection is rejected. Default is true.
> +
> +@item kmrefreshrate=@var{packets}
> +The number of packets to be transmitted after which the
> +encryption key is switched to a new key. Default is -1.
> +-1 means auto (0x1000000 in srt library). The range for
> +this option is integers in the 0 - @code{INT_MAX}.
> +
> +@item kmpreannounce=@var{packets}
> +The interval between when a new encryption key is sent and
> +when switchover occurs. This value also applies to the
> +subsequent interval between when switchover occurs and
> +when the old encryption key is decommissioned. Default is -1.
> +-1 means auto (0x1000 in srt library). The range for
> +this option is integers in the 0 - @code{INT_MAX}.
> +
> @item payload_size=@var{bytes}
> Sets the maximum declared size of a packet transferred
> during the single call to the sending function in Live
> diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
> index 0a748a1..05a46c6 100644
> --- a/libavformat/libsrt.c
> +++ b/libavformat/libsrt.c
> @@ -62,6 +62,9 @@ typedef struct SRTContext {
>     int64_t maxbw;
>     int pbkeylen;
>     char *passphrase;
> +    int enforced_encryption;
> +    int kmrefreshrate;
> +    int kmpreannounce;
>     int mss;
>     int ffs;
>     int ipttl;
> @@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = {
>     { "maxbw",          "Maximum bandwidth (bytes per second) that the connection can use",     OFFSET(maxbw),            AV_OPT_TYPE_INT64,    { .i64 = -1 }, -1, INT64_MAX, .flags = D|E },
>     { "pbkeylen",       "Crypto key len in bytes {16,24,32} Default: 16 (128-bit)",             OFFSET(pbkeylen),         AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 32,        .flags = D|E },
>     { "passphrase",     "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable crypto",             OFFSET(passphrase),       AV_OPT_TYPE_STRING,   { .str = NULL },              .flags = D|E },
> +    { "enforced_encryption", "Enforces that both connection parties have the same passphrase set ",                             OFFSET(enforced_encryption), AV_OPT_TYPE_BOOL,  { .i64 = -1 }, -1, 1,         .flags = D|E },
> +    { "kmrefreshrate",       "The number of packets to be transmitted after which the encryption key is switched to a new key", OFFSET(kmrefreshrate),       AV_OPT_TYPE_INT,   { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
> +    { "kmpreannounce",       "The interval between when a new encryption key is sent and when switchover occurs",               OFFSET(kmpreannounce),       AV_OPT_TYPE_INT,   { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
>     { "mss",            "The Maximum Segment Size",                                             OFFSET(mss),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 1500,      .flags = D|E },
>     { "ffs",            "Flight flag size (window size) (in bytes)",                            OFFSET(ffs),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
>     { "ipttl",          "IP Time To Live",                                                      OFFSET(ipttl),            AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 255,       .flags = D|E },
> @@ -321,6 +327,9 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
>         (s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, "SRTO_MAXBW", &s->maxbw, sizeof(s->maxbw)) < 0) ||
>         (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", &s->pbkeylen, sizeof(s->pbkeylen)) < 0) ||
>         (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) ||
> +        (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
> +        (s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", &s->kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
> +        (s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", &s->kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||

These are only available since 1.3.2, so this should be guarded by 
#if SRT_VERSION_VALUE >= 0x010302 or something similar.

Instead of SRTO_ENFORCEDENCRYPTION SRTO_STRICTENC should be used for 
compatiblity, because the rename only happened in 1.4.0.

>         (s->mss >= 0 && libsrt_setsockopt(h, fd, SRTO_MSS, "SRTO_MMS", &s->mss, sizeof(s->mss)) < 0) ||
>         (s->ffs >= 0 && libsrt_setsockopt(h, fd, SRTO_FC, "SRTO_FC", &s->ffs, sizeof(s->ffs)) < 0) ||
>         (s->ipttl >= 0 && libsrt_setsockopt(h, fd, SRTO_IPTTL, "SRTO_UPTTL", &s->ipttl, sizeof(s->ipttl)) < 0) ||
> @@ -506,6 +515,15 @@ static int libsrt_open(URLContext *h, const char *uri, int flags)
>         if (av_find_info_tag(buf, sizeof(buf), "passphrase", p)) {
>             s->passphrase = av_strndup(buf, strlen(buf));
>         }
> +        if (av_find_info_tag(buf, sizeof(buf), "enforced_encryption", p)) {
> +            s->enforced_encryption = strtol(buf, NULL, 10);
> +        }
> +        if (av_find_info_tag(buf, sizeof(buf), "kmrefreshrate", p)) {
> +            s->kmrefreshrate = strtol(buf, NULL, 10);
> +        }
> +        if (av_find_info_tag(buf, sizeof(buf), "kmpreannounce", p)) {
> +            s->kmpreannounce = strtol(buf, NULL, 10);
> +        }
>         if (av_find_info_tag(buf, sizeof(buf), "mss", p)) {
>             s->mss = strtol(buf, NULL, 10);
>         }
> --

Regards,
Marton
Jun Zhao Dec. 15, 2019, 2:22 a.m. UTC | #2
On Sun, Dec 15, 2019 at 4:48 AM Marton Balint <cus@passwd.hu> wrote:
>
>
> On Wed, 4 Dec 2019, Jun Zhao wrote:
>
> > From: Jun Zhao <barryjzhao@tencent.com>
> >
> > Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/
> > SRTO_KMPREANNOUNCE for srt encryption control.
> >
> > Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
> > ---
> > doc/protocols.texi   |   20 ++++++++++++++++++++
> > libavformat/libsrt.c |   18 ++++++++++++++++++
> > 2 files changed, 38 insertions(+), 0 deletions(-)
> >
> > diff --git a/doc/protocols.texi b/doc/protocols.texi
> > index 886c3b8..d2935fc 100644
> > --- a/doc/protocols.texi
> > +++ b/doc/protocols.texi
> > @@ -1282,6 +1282,26 @@ only if @option{pbkeylen} is non-zero. It is used on
> > the receiver only if the received data is encrypted.
> > The configured passphrase cannot be recovered (write-only).
> >
> > +@item enforced_encryption=@var{1|0}
> > +If true, both connection parties must have the same password
> > +set (including empty, that is, with no encryption). If the
> > +password doesn't match or only one side is unencrypted,
> > +the connection is rejected. Default is true.
> > +
> > +@item kmrefreshrate=@var{packets}
> > +The number of packets to be transmitted after which the
> > +encryption key is switched to a new key. Default is -1.
> > +-1 means auto (0x1000000 in srt library). The range for
> > +this option is integers in the 0 - @code{INT_MAX}.
> > +
> > +@item kmpreannounce=@var{packets}
> > +The interval between when a new encryption key is sent and
> > +when switchover occurs. This value also applies to the
> > +subsequent interval between when switchover occurs and
> > +when the old encryption key is decommissioned. Default is -1.
> > +-1 means auto (0x1000 in srt library). The range for
> > +this option is integers in the 0 - @code{INT_MAX}.
> > +
> > @item payload_size=@var{bytes}
> > Sets the maximum declared size of a packet transferred
> > during the single call to the sending function in Live
> > diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
> > index 0a748a1..05a46c6 100644
> > --- a/libavformat/libsrt.c
> > +++ b/libavformat/libsrt.c
> > @@ -62,6 +62,9 @@ typedef struct SRTContext {
> >     int64_t maxbw;
> >     int pbkeylen;
> >     char *passphrase;
> > +    int enforced_encryption;
> > +    int kmrefreshrate;
> > +    int kmpreannounce;
> >     int mss;
> >     int ffs;
> >     int ipttl;
> > @@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = {
> >     { "maxbw",          "Maximum bandwidth (bytes per second) that the connection can use",     OFFSET(maxbw),            AV_OPT_TYPE_INT64,    { .i64 = -1 }, -1, INT64_MAX, .flags = D|E },
> >     { "pbkeylen",       "Crypto key len in bytes {16,24,32} Default: 16 (128-bit)",             OFFSET(pbkeylen),         AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 32,        .flags = D|E },
> >     { "passphrase",     "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable crypto",             OFFSET(passphrase),       AV_OPT_TYPE_STRING,   { .str = NULL },              .flags = D|E },
> > +    { "enforced_encryption", "Enforces that both connection parties have the same passphrase set ",                             OFFSET(enforced_encryption), AV_OPT_TYPE_BOOL,  { .i64 = -1 }, -1, 1,         .flags = D|E },
> > +    { "kmrefreshrate",       "The number of packets to be transmitted after which the encryption key is switched to a new key", OFFSET(kmrefreshrate),       AV_OPT_TYPE_INT,   { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
> > +    { "kmpreannounce",       "The interval between when a new encryption key is sent and when switchover occurs",               OFFSET(kmpreannounce),       AV_OPT_TYPE_INT,   { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
> >     { "mss",            "The Maximum Segment Size",                                             OFFSET(mss),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 1500,      .flags = D|E },
> >     { "ffs",            "Flight flag size (window size) (in bytes)",                            OFFSET(ffs),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
> >     { "ipttl",          "IP Time To Live",                                                      OFFSET(ipttl),            AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 255,       .flags = D|E },
> > @@ -321,6 +327,9 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
> >         (s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, "SRTO_MAXBW", &s->maxbw, sizeof(s->maxbw)) < 0) ||
> >         (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", &s->pbkeylen, sizeof(s->pbkeylen)) < 0) ||
> >         (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) ||
> > +        (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
> > +        (s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", &s->kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
> > +        (s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", &s->kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||
>
> These are only available since 1.3.2, so this should be guarded by
> #if SRT_VERSION_VALUE >= 0x010302 or something similar.
>
> Instead of SRTO_ENFORCEDENCRYPTION SRTO_STRICTENC should be used for
> compatiblity, because the rename only happened in 1.4.0.
>
Will add  compatiblity check, tks
> >         (s->mss >= 0 && libsrt_setsockopt(h, fd, SRTO_MSS, "SRTO_MMS", &s->mss, sizeof(s->mss)) < 0) ||
> >         (s->ffs >= 0 && libsrt_setsockopt(h, fd, SRTO_FC, "SRTO_FC", &s->ffs, sizeof(s->ffs)) < 0) ||
> >         (s->ipttl >= 0 && libsrt_setsockopt(h, fd, SRTO_IPTTL, "SRTO_UPTTL", &s->ipttl, sizeof(s->ipttl)) < 0) ||
> > @@ -506,6 +515,15 @@ static int libsrt_open(URLContext *h, const char *uri, int flags)
> >         if (av_find_info_tag(buf, sizeof(buf), "passphrase", p)) {
> >             s->passphrase = av_strndup(buf, strlen(buf));
> >         }
> > +        if (av_find_info_tag(buf, sizeof(buf), "enforced_encryption", p)) {
> > +            s->enforced_encryption = strtol(buf, NULL, 10);
> > +        }
> > +        if (av_find_info_tag(buf, sizeof(buf), "kmrefreshrate", p)) {
> > +            s->kmrefreshrate = strtol(buf, NULL, 10);
> > +        }
> > +        if (av_find_info_tag(buf, sizeof(buf), "kmpreannounce", p)) {
> > +            s->kmpreannounce = strtol(buf, NULL, 10);
> > +        }
> >         if (av_find_info_tag(buf, sizeof(buf), "mss", p)) {
> >             s->mss = strtol(buf, NULL, 10);
> >         }
> > --
>
> Regards,
> Marton
diff mbox

Patch

diff --git a/doc/protocols.texi b/doc/protocols.texi
index 886c3b8..d2935fc 100644
--- a/doc/protocols.texi
+++ b/doc/protocols.texi
@@ -1282,6 +1282,26 @@  only if @option{pbkeylen} is non-zero. It is used on
 the receiver only if the received data is encrypted.
 The configured passphrase cannot be recovered (write-only).
 
+@item enforced_encryption=@var{1|0}
+If true, both connection parties must have the same password
+set (including empty, that is, with no encryption). If the
+password doesn't match or only one side is unencrypted,
+the connection is rejected. Default is true.
+
+@item kmrefreshrate=@var{packets}
+The number of packets to be transmitted after which the
+encryption key is switched to a new key. Default is -1.
+-1 means auto (0x1000000 in srt library). The range for
+this option is integers in the 0 - @code{INT_MAX}.
+
+@item kmpreannounce=@var{packets}
+The interval between when a new encryption key is sent and
+when switchover occurs. This value also applies to the
+subsequent interval between when switchover occurs and
+when the old encryption key is decommissioned. Default is -1.
+-1 means auto (0x1000 in srt library). The range for
+this option is integers in the 0 - @code{INT_MAX}.
+
 @item payload_size=@var{bytes}
 Sets the maximum declared size of a packet transferred
 during the single call to the sending function in Live
diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
index 0a748a1..05a46c6 100644
--- a/libavformat/libsrt.c
+++ b/libavformat/libsrt.c
@@ -62,6 +62,9 @@  typedef struct SRTContext {
     int64_t maxbw;
     int pbkeylen;
     char *passphrase;
+    int enforced_encryption;
+    int kmrefreshrate;
+    int kmpreannounce;
     int mss;
     int ffs;
     int ipttl;
@@ -102,6 +105,9 @@  static const AVOption libsrt_options[] = {
     { "maxbw",          "Maximum bandwidth (bytes per second) that the connection can use",     OFFSET(maxbw),            AV_OPT_TYPE_INT64,    { .i64 = -1 }, -1, INT64_MAX, .flags = D|E },
     { "pbkeylen",       "Crypto key len in bytes {16,24,32} Default: 16 (128-bit)",             OFFSET(pbkeylen),         AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 32,        .flags = D|E },
     { "passphrase",     "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable crypto",             OFFSET(passphrase),       AV_OPT_TYPE_STRING,   { .str = NULL },              .flags = D|E },
+    { "enforced_encryption", "Enforces that both connection parties have the same passphrase set ",                             OFFSET(enforced_encryption), AV_OPT_TYPE_BOOL,  { .i64 = -1 }, -1, 1,         .flags = D|E },
+    { "kmrefreshrate",       "The number of packets to be transmitted after which the encryption key is switched to a new key", OFFSET(kmrefreshrate),       AV_OPT_TYPE_INT,   { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
+    { "kmpreannounce",       "The interval between when a new encryption key is sent and when switchover occurs",               OFFSET(kmpreannounce),       AV_OPT_TYPE_INT,   { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
     { "mss",            "The Maximum Segment Size",                                             OFFSET(mss),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 1500,      .flags = D|E },
     { "ffs",            "Flight flag size (window size) (in bytes)",                            OFFSET(ffs),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
     { "ipttl",          "IP Time To Live",                                                      OFFSET(ipttl),            AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 255,       .flags = D|E },
@@ -321,6 +327,9 @@  static int libsrt_set_options_pre(URLContext *h, int fd)
         (s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, "SRTO_MAXBW", &s->maxbw, sizeof(s->maxbw)) < 0) ||
         (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", &s->pbkeylen, sizeof(s->pbkeylen)) < 0) ||
         (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) ||
+        (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
+        (s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", &s->kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
+        (s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", &s->kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||
         (s->mss >= 0 && libsrt_setsockopt(h, fd, SRTO_MSS, "SRTO_MMS", &s->mss, sizeof(s->mss)) < 0) ||
         (s->ffs >= 0 && libsrt_setsockopt(h, fd, SRTO_FC, "SRTO_FC", &s->ffs, sizeof(s->ffs)) < 0) ||
         (s->ipttl >= 0 && libsrt_setsockopt(h, fd, SRTO_IPTTL, "SRTO_UPTTL", &s->ipttl, sizeof(s->ipttl)) < 0) ||
@@ -506,6 +515,15 @@  static int libsrt_open(URLContext *h, const char *uri, int flags)
         if (av_find_info_tag(buf, sizeof(buf), "passphrase", p)) {
             s->passphrase = av_strndup(buf, strlen(buf));
         }
+        if (av_find_info_tag(buf, sizeof(buf), "enforced_encryption", p)) {
+            s->enforced_encryption = strtol(buf, NULL, 10);
+        }
+        if (av_find_info_tag(buf, sizeof(buf), "kmrefreshrate", p)) {
+            s->kmrefreshrate = strtol(buf, NULL, 10);
+        }
+        if (av_find_info_tag(buf, sizeof(buf), "kmpreannounce", p)) {
+            s->kmpreannounce = strtol(buf, NULL, 10);
+        }
         if (av_find_info_tag(buf, sizeof(buf), "mss", p)) {
             s->mss = strtol(buf, NULL, 10);
         }