[FFmpeg-devel,V2,2/2] lavf/srt: enable other encryption parameters

Message ID	1575207104-9734-3-git-send-email-mypopydev@gmail.com
State	New
Headers	show Return-Path: <ffmpeg-devel-bounces@ffmpeg.org> From: Jun Zhao <mypopydev@gmail.com> To: ffmpeg-devel@ffmpeg.org Date: Sun, 1 Dec 2019 21:31:44 +0800 Message-Id: <1575207104-9734-3-git-send-email-mypopydev@gmail.com> In-Reply-To: <1575207104-9734-1-git-send-email-mypopydev@gmail.com> References: <1575207104-9734-1-git-send-email-mypopydev@gmail.com> Subject: [FFmpeg-devel] [PATCH V2 2/2] lavf/srt: enable other encryption parameters Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Cc: Jun Zhao <barryjzhao@tencent.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

diff --git a/doc/protocols.texi b/doc/protocols.texi index f34f246..c36e3c9 100644 --- a/doc/protocols.texi +++ b/doc/protocols.texi @@ -1282,6 +1282,22 @@ only if @option{pbkeylen} is non-zero. It is used on the receiver only if the received data is encrypted. The configured passphrase cannot be recovered (write-only). +@item enforced_encryption=@var{1|0} +If true, both connection parties must have the same password +set (including empty, that is, with no encryption). If the +password doesn't match or only one side is unencrypted, +the connection is rejected. Default is true. + +@item kmrefreshrate=@var{n} +The number of packets to be transmitted after which the +encryption key is switched to a new key. + +@item kmpreannounce=@var{n} +The interval between when a new encryption key is sent and +when switchover occurs. This value also applies to the +subsequent interval between when switchover occurs and +when the old encryption key is decommissioned. + @item payload_size=@var{bytes} Sets the maximum declared size of a packet transferred during the single call to the sending function in Live diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c index 0a748a1..06f2c02 100644 --- a/libavformat/libsrt.c +++ b/libavformat/libsrt.c @@ -62,6 +62,9 @@ typedef struct SRTContext { int64_t maxbw; int pbkeylen; char *passphrase; + int enforced_encryption; + int kmrefreshrate; + int kmpreannounce; int mss; int ffs; int ipttl; @@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = { { "maxbw", "Maximum bandwidth (bytes per second) that the connection can use", OFFSET(maxbw), AV_OPT_TYPE_INT64, { .i64 = -1 }, -1, INT64_MAX, .flags = D|E }, { "pbkeylen", "Crypto key len in bytes {16,24,32} Default: 16 (128-bit)", OFFSET(pbkeylen), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 32, .flags = D|E }, { "passphrase", "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable crypto", OFFSET(passphrase), AV_OPT_TYPE_STRING, { .str = NULL }, .flags = D|E }, + { "enforced_encryption", "Enforces that both connection parties have the same passphrase set ", OFFSET(enforced_encryption), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 1, .flags = D|E }, + { "kmrefreshrate", "The number of packets to be transmitted after which the encryption key is switched to a new key", OFFSET(kmrefreshrate), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, .flags = D|E }, + { "kmpreannounce", "The interval between when a new encryption key is sent and when switchover occurs", OFFSET(kmpreannounce), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, .flags = D|E }, { "mss", "The Maximum Segment Size", OFFSET(mss), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 1500, .flags = D|E }, { "ffs", "Flight flag size (window size) (in bytes)", OFFSET(ffs), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, .flags = D|E }, { "ipttl", "IP Time To Live", OFFSET(ipttl), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 255, .flags = D|E }, @@ -321,6 +327,9 @@ static int libsrt_set_options_pre(URLContext *h, int fd) (s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, "SRTO_MAXBW", &s->maxbw, sizeof(s->maxbw)) < 0) || (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", &s->pbkeylen, sizeof(s->pbkeylen)) < 0) || (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) || + (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) || + (s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", &s->kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) || + (s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", &s->kmpreannounce, sizeof(s->kmpreannounce)) < 0) || (s->mss >= 0 && libsrt_setsockopt(h, fd, SRTO_MSS, "SRTO_MMS", &s->mss, sizeof(s->mss)) < 0) || (s->ffs >= 0 && libsrt_setsockopt(h, fd, SRTO_FC, "SRTO_FC", &s->ffs, sizeof(s->ffs)) < 0) || (s->ipttl >= 0 && libsrt_setsockopt(h, fd, SRTO_IPTTL, "SRTO_UPTTL", &s->ipttl, sizeof(s->ipttl)) < 0) || @@ -506,6 +515,15 @@ static int libsrt_open(URLContext *h, const char *uri, int flags) if (av_find_info_tag(buf, sizeof(buf), "passphrase", p)) { s->passphrase = av_strndup(buf, strlen(buf)); } + if (av_find_info_tag(buf, sizeof(buf), "enforced_encryption", p)) { + s->enforced_encryption = strtol(buf, NULL, 10); + } + if (av_find_info_tag(buf, sizeof(buf), "kmrefreshrate", p)) { + s->kmrefreshrate = strtol(buf, NULL, 10); + } + if (av_find_info_tag(buf, sizeof(buf), "kmpreannounce", p)) { + s->kmpreannounce = strtol(buf, NULL, 10); + } if (av_find_info_tag(buf, sizeof(buf), "mss", p)) { s->mss = strtol(buf, NULL, 10); }

[FFmpeg-devel,V2,2/2] lavf/srt: enable other encryption parameters

Commit Message

Patch