From patchwork Sat Aug 5 10:14:58 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: DHE
X-Patchwork-Id: 4630
From: DeHackEd
To: ffmpeg-devel@ffmpeg.org
Message-ID: <3a198eb8-e24e-1fc6-01f4-e5a467ffd870@dehacked.net>
Date: Sat, 5 Aug 2017 06:14:58 -0400
Subject: [FFmpeg-devel] [PATCH v3] libaf/hlsenc: allow dynamic encryption key rotation
List-Id: FFmpeg development discussions and patches

Makes behaviour of 805ce25b1d2f optional, re-enables HLS key rotation feature
Signed-off-by: DHE --- doc/muxers.texi | 7 ++++++- libavformat/hlsenc.c | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) v1->v2: Actually works this time v2->v3: Documentation fix, parameter reference was incorrect diff --git a/doc/muxers.texi b/doc/muxers.texi index 94472ce..2bec5f8 100644 --- a/doc/muxers.texi +++ b/doc/muxers.texi @@ -551,7 +551,7 @@ format. The optional third line specifies the initialization vector (IV) as a hexadecimal string to be used instead of the segment sequence number (default) for encryption. Changes to @var{key_info_file} will result in segment encryption with the new key/IV and an entry in the playlist for the new key -URI/IV. +URI/IV if @code{hls_flags periodic_rekey} is enabled. Key info file format: @example @@ -665,6 +665,11 @@ first segment's information. @item omit_endlist Do not append the @code{EXT-X-ENDLIST} tag at the end of the playlist. +@item periodic_rekey +The file specified by @code{hls_key_info_file} will be checked periodically and +detect updates to the encryption info. Be sure to replace this file atomically, +including the file containing the AES encryption key. + @item split_by_time Allow segments to start on frames other than keyframes. This improves behavior on some players when the time between keyframes is inconsistent, diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index 5cf8c89..74a3249 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c @@ -85,6 +85,7 @@ typedef enum HLSFlags { HLS_SECOND_LEVEL_SEGMENT_DURATION = (1 << 9), // include segment duration (microsec) in segment filenames when use_localtime e.g.: %%09t HLS_SECOND_LEVEL_SEGMENT_SIZE = (1 << 10), // include segment size (bytes) in segment filenames when use_localtime e.g.: %%014s HLS_TEMP_FILE = (1 << 11), + HLS_PERIODIC_REKEY = (1 << 12), } HLSFlags; typedef enum { 
@@ -1236,7 +1237,7 @@ static int hls_start(AVFormatContext *s) " will use -hls_key_info_file priority\n"); } - if (c->number <= 1) { + if (c->number <= 1 || (c->flags & HLS_PERIODIC_REKEY)) { if (c->key_info_file) { if ((err = hls_encryption_start(s)) < 0) goto fail; @@ -1804,6 +1805,7 @@ static const AVOption options[] = { {"second_level_segment_index", "include segment index in segment filenames when use_localtime", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_SECOND_LEVEL_SEGMENT_INDEX }, 0, UINT_MAX, E, "flags"}, {"second_level_segment_duration", "include segment duration in segment filenames when use_localtime", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_SECOND_LEVEL_SEGMENT_DURATION }, 0, UINT_MAX, E, "flags"}, {"second_level_segment_size", "include segment size in segment filenames when use_localtime", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_SECOND_LEVEL_SEGMENT_SIZE }, 0, UINT_MAX, E, "flags"}, + {"periodic_rekey", "reload keyinfo file periodically for re-keying", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_PERIODIC_REKEY }, 0, UINT_MAX, E, "flags"}, {"use_localtime", "set filename expansion with strftime at segment creation", OFFSET(use_localtime), AV_OPT_TYPE_BOOL, {.i64 = 0 }, 0, 1, E }, {"use_localtime_mkdir", "create last directory component in strftime-generated filename", OFFSET(use_localtime_mkdir), AV_OPT_TYPE_BOOL, {.i64 = 0 }, 0, 1, E }, {"hls_playlist_type", "set the HLS playlist type", OFFSET(pl_type), AV_OPT_TYPE_INT, {.i64 = PLAYLIST_TYPE_NONE }, 0, PLAYLIST_TYPE_NB-1, E, "pl_type" },
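Review bot: the doc/muxers.texi hunk at @@ -551,7 does not say what happens to edits of key_info_file when periodic_rekey is not set. The reworded sentence ("... an entry in the playlist for the new key URI/IV if @code{hls_flags periodic_rekey} is enabled.") only covers the enabled case. Since the hlsenc.c change keeps the old `c->number <= 1` condition as the default, please add a sentence stating that without the flag the key info file is only loaded while that condition holds and later changes to it are ignored, so operators who relied on rotation before know they must now opt in.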
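Review bot: the new @item periodic_rekey text in the doc/muxers.texi hunk at @@ -665,6 is ungrammatical and underspecified for something that governs key material. "will be checked periodically and detect updates to the encryption info" has no subject for "detect", and "periodically" gives no interval, while the hlsenc.c hunk shows the reload is tied to hls_start() rather than to a timer; say that directly. The atomicity advice covers two separate files, so it should also give an order: put the new key file in place first, then rename the new key info file over the old one, so the muxer never reads a key info file that refers to a missing or half-written key. Suggested wording: "The file specified by @code{hls_key_info_file} is re-read each time a new segment is started, and any change to the encryption info is applied from that segment on."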
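Review bot: in the hls_start() hunk at @@ -1236,7 of libavformat/hlsenc.c, a failed reload now aborts the stream mid-run. With `if (c->number <= 1 || (c->flags & HLS_PERIODIC_REKEY))` the existing `if ((err = hls_encryption_start(s)) < 0) goto fail;` is reached on every hls_start() call when the flag is set, so a key info file that is briefly absent or partially written during rotation takes the `fail` path instead of only failing at startup as before. Either keep the previously loaded key/IV and log a warning when the reload fails on a later segment, or document in muxers.texi that a failed reload is fatal. The file is also re-opened and re-parsed on each call even when it has not changed; if that is intentional for simplicity, a short comment next to the condition would help.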