From patchwork Sun Dec  1 13:31:44 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jun Zhao <mypopydev@gmail.com>
X-Patchwork-Id: 16510
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 9AAAF448FCA
	for <patchwork@ffaux-bg.ffmpeg.org>;
	Sun,  1 Dec 2019 15:39:13 +0200 (EET)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 74C6268A4A8;
	Sun,  1 Dec 2019 15:39:13 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-pj1-f67.google.com (mail-pj1-f67.google.com
	[209.85.216.67])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id BD55968AD97
	for <ffmpeg-devel@ffmpeg.org>; Sun,  1 Dec 2019 15:39:06 +0200 (EET)
Received: by mail-pj1-f67.google.com with SMTP id w5so910379pjh.11
	for <ffmpeg-devel@ffmpeg.org>; Sun, 01 Dec 2019 05:39:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=ytYWPIVkhwr+UcslxUiXhkt9DbwVJLgeBpGTFVqVm80=;
	b=NNW75vUX7O3tFQnA6eODjN7bNLJ05snetl3a6RVTPNvhFEVI8uU01tXVdTGpMR2puG
	h4kZIMIfSgN3b77V8FAzoCE+Vq6bR8d1Hkcc3OV5hsaH5J7EfN2OpqdAs0JVKu9+34ur
	RiO8SAAE4ixWr7u85m0RkY4W9xgoRxETf5t5MElB6V7a78jJlsiYvsRRcFKXyhX3VX+K
	fzoa8OeM1DFwgnBG8o4dR1OUvy8jrrjldurc98IZ8HMidbAem8fVirQ3Kirl86Hql2wk
	4bI6Gg2nlA69lZ9HVTgY2Fsy671EVkk1r7PVkDHk5fHVpM6FV08S6BYp22PSVoM5Lt6G
	Z5zg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=ytYWPIVkhwr+UcslxUiXhkt9DbwVJLgeBpGTFVqVm80=;
	b=KAZLDSlpfOiv6AOsn4spl26PJmkekqKvS4TpjGO4JYZ2JTf9zw4Kk/6gfiPk5M6BJ/
	BsgVNY4Ykuh0uZSiuzH5pTfnQtdBEEJ/EqDWtBIDY4xzxM/QnsgrC0uIHbzIN2qGrLt8
	7zQJbCfqIznzutJQbb2uHT7MPQ4UOk5ZK87A6n1mQHRqTXXeIIaP999pqpzEmxjeydg/
	9j4eQIjrVl43FICQRgbZZ9cLqXPXoNHkSFiJKoDDJ6l2MCVY7Za/xbThtELGjEjelX3G
	v75ER4q/QQZiHafuZVF9X6u2xoDnbWBNeVDWLacJuHvSQsIR4P7QIkQ83bfC8de0cL8N
	L/WQ==
X-Gm-Message-State: APjAAAVfmeqpScM5oCyeiZysVksYjjPamq+rzUeDt+nQR4KWwgN1/Xkw
	yelFtOm3nZW8Zs6dTuLD0WhkYxzP
X-Google-Smtp-Source: 
 APXvYqxAZrhQMGFBKYC8qiPWXSav0nRoCDpSH5TA/KABUlMxqjJyeklkR49bPaHjN4u+IzBsyOwZDw==
X-Received: by 2002:a17:90a:234f:: with SMTP id
	f73mr28708065pje.109.1575207115246;
	Sun, 01 Dec 2019 05:31:55 -0800 (PST)
Received: from localhost.localdomain ([47.90.47.25])
	by smtp.gmail.com with ESMTPSA id
	e23sm7357593pjt.23.2019.12.01.05.31.54
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sun, 01 Dec 2019 05:31:54 -0800 (PST)
From: Jun Zhao <mypopydev@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Sun,  1 Dec 2019 21:31:44 +0800
Message-Id: <1575207104-9734-3-git-send-email-mypopydev@gmail.com>
X-Mailer: git-send-email 1.7.1
In-Reply-To: <1575207104-9734-1-git-send-email-mypopydev@gmail.com>
References: <1575207104-9734-1-git-send-email-mypopydev@gmail.com>
Subject: [FFmpeg-devel] [PATCH V2 2/2] lavf/srt: enable other encryption
	parameters
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Cc: Jun Zhao <barryjzhao@tencent.com>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

From: Jun Zhao <barryjzhao@tencent.com>

Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/
SRTO_KMPREANNOUNCE for srt encryption control.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
---
 doc/protocols.texi   |   16 ++++++++++++++++
 libavformat/libsrt.c |   18 ++++++++++++++++++
 2 files changed, 34 insertions(+), 0 deletions(-)

diff --git a/doc/protocols.texi b/doc/protocols.texi
index f34f246..c36e3c9 100644
--- a/doc/protocols.texi
+++ b/doc/protocols.texi
@@ -1282,6 +1282,22 @@ only if @option{pbkeylen} is non-zero. It is used on
 the receiver only if the received data is encrypted.
 The configured passphrase cannot be recovered (write-only).
 
+@item enforced_encryption=@var{1|0}
+If true, both connection parties must have the same password
+set (including empty, that is, with no encryption). If the
+password doesn't match or only one side is unencrypted,
+the connection is rejected. Default is true.
+
+@item kmrefreshrate=@var{n}
+The number of packets to be transmitted after which the
+encryption key is switched to a new key.
+
+@item kmpreannounce=@var{n}
+The interval between when a new encryption key is sent and
+when switchover occurs. This value also applies to the
+subsequent interval between when switchover occurs and
+when the old encryption key is decommissioned.
+
 @item payload_size=@var{bytes}
 Sets the maximum declared size of a packet transferred
 during the single call to the sending function in Live
diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
index 0a748a1..06f2c02 100644
--- a/libavformat/libsrt.c
+++ b/libavformat/libsrt.c
@@ -62,6 +62,9 @@ typedef struct SRTContext {
     int64_t maxbw;
     int pbkeylen;
     char *passphrase;
+    int enforced_encryption;
+    int kmrefreshrate;
+    int kmpreannounce;
     int mss;
     int ffs;
     int ipttl;
@@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = {
     { "maxbw",          "Maximum bandwidth (bytes per second) that the connection can use",     OFFSET(maxbw),            AV_OPT_TYPE_INT64,    { .i64 = -1 }, -1, INT64_MAX, .flags = D|E },
     { "pbkeylen",       "Crypto key len in bytes {16,24,32} Default: 16 (128-bit)",             OFFSET(pbkeylen),         AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 32,        .flags = D|E },
     { "passphrase",     "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable crypto",             OFFSET(passphrase),       AV_OPT_TYPE_STRING,   { .str = NULL },              .flags = D|E },
+    { "enforced_encryption",      "Enforces that both connection parties have the same passphrase set ", OFFSET(enforced_encryption),        AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 1,         .flags = D|E },
+    { "kmrefreshrate",         "The number of packets to be transmitted after which the encryption key is switched to a new key", OFFSET(kmrefreshrate),           AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
+    { "kmpreannounce",         "The interval between when a new encryption key is sent and when switchover occurs", OFFSET(kmpreannounce),           AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
     { "mss",            "The Maximum Segment Size",                                             OFFSET(mss),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 1500,      .flags = D|E },
     { "ffs",            "Flight flag size (window size) (in bytes)",                            OFFSET(ffs),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
     { "ipttl",          "IP Time To Live",                                                      OFFSET(ipttl),            AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 255,       .flags = D|E },
@@ -321,6 +327,9 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
         (s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, "SRTO_MAXBW", &s->maxbw, sizeof(s->maxbw)) < 0) ||
         (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", &s->pbkeylen, sizeof(s->pbkeylen)) < 0) ||
         (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) ||
+        (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
+        (s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", &s->kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
+        (s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", &s->kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||
         (s->mss >= 0 && libsrt_setsockopt(h, fd, SRTO_MSS, "SRTO_MMS", &s->mss, sizeof(s->mss)) < 0) ||
         (s->ffs >= 0 && libsrt_setsockopt(h, fd, SRTO_FC, "SRTO_FC", &s->ffs, sizeof(s->ffs)) < 0) ||
         (s->ipttl >= 0 && libsrt_setsockopt(h, fd, SRTO_IPTTL, "SRTO_UPTTL", &s->ipttl, sizeof(s->ipttl)) < 0) ||
@@ -506,6 +515,15 @@ static int libsrt_open(URLContext *h, const char *uri, int flags)
         if (av_find_info_tag(buf, sizeof(buf), "passphrase", p)) {
             s->passphrase = av_strndup(buf, strlen(buf));
         }
+        if (av_find_info_tag(buf, sizeof(buf), "enforced_encryption", p)) {
+            s->enforced_encryption = strtol(buf, NULL, 10);
+        }
+        if (av_find_info_tag(buf, sizeof(buf), "kmrefreshrate", p)) {
+            s->kmrefreshrate = strtol(buf, NULL, 10);
+        }
+        if (av_find_info_tag(buf, sizeof(buf), "kmpreannounce", p)) {
+            s->kmpreannounce = strtol(buf, NULL, 10);
+        }
         if (av_find_info_tag(buf, sizeof(buf), "mss", p)) {
             s->mss = strtol(buf, NULL, 10);
         }