Re: [FFmpeg-devel] [PATCH V4 2/2] lavf/libsrt: enable other encryption parameters
On Sun, Dec 15, 2019 at 4:48 AM Marton Balint wrote: > > > On Wed, 4 Dec 2019, Jun Zhao wrote: > > > From: Jun Zhao > > > > Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/ > > SRTO_KMPREANNOUNCE for srt encryption control. > > > > Signed-off-by: Jun Zhao > > --- > > doc/protocols.texi | 20 > > libavformat/libsrt.c | 18 ++ > > 2 files changed, 38 insertions(+), 0 deletions(-) > > > > diff --git a/doc/protocols.texi b/doc/protocols.texi > > index 886c3b8..d2935fc 100644 > > --- a/doc/protocols.texi > > +++ b/doc/protocols.texi > > @@ -1282,6 +1282,26 @@ only if @option{pbkeylen} is non-zero. It is used on > > the receiver only if the received data is encrypted. > > The configured passphrase cannot be recovered (write-only). > > > > +@item enforced_encryption=@var{1|0} > > +If true, both connection parties must have the same password > > +set (including empty, that is, with no encryption). If the > > +password doesn't match or only one side is unencrypted, > > +the connection is rejected. Default is true. > > + > > +@item kmrefreshrate=@var{packets} > > +The number of packets to be transmitted after which the > > +encryption key is switched to a new key. Default is -1. > > +-1 means auto (0x100 in srt library). The range for > > +this option is integers in the 0 - @code{INT_MAX}. > > + > > +@item kmpreannounce=@var{packets} > > +The interval between when a new encryption key is sent and > > +when switchover occurs. This value also applies to the > > +subsequent interval between when switchover occurs and > > +when the old encryption key is decommissioned. Default is -1. > > +-1 means auto (0x1000 in srt library). The range for > > +this option is integers in the 0 - @code{INT_MAX}. > > + > > @item payload_size=@var{bytes} > > Sets the maximum declared size of a packet transferred > > during the single call to the sending function in Live > > diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c > > index 0a748a1..05a46c6 100644 > > --- a/libavformat/libsrt.c 
> > +++ b/libavformat/libsrt.c > > @@ -62,6 +62,9 @@ typedef struct SRTContext { > > int64_t maxbw; > > int pbkeylen; > > char *passphrase; > > +int enforced_encryption; > > +int kmrefreshrate; > > +int kmpreannounce; > > int mss; > > int ffs; > > int ipttl; > > @@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = { > > { "maxbw", "Maximum bandwidth (bytes per second) that the > > connection can use", OFFSET(maxbw),AV_OPT_TYPE_INT64,{ > > .i64 = -1 }, -1, INT64_MAX, .flags = D|E }, > > { "pbkeylen", "Crypto key len in bytes {16,24,32} Default: 16 > > (128-bit)", OFFSET(pbkeylen), AV_OPT_TYPE_INT, { > > .i64 = -1 }, -1, 32,.flags = D|E }, > > { "passphrase", "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable > > crypto", OFFSET(passphrase), AV_OPT_TYPE_STRING, { .str > > = NULL }, .flags = D|E }, > > +{ "enforced_encryption", "Enforces that both connection parties have > > the same passphrase set ", > > OFFSET(enforced_encryption), AV_OPT_TYPE_BOOL, { .i64 = -1 }, -1, 1, > > .flags = D|E }, > > +{ "kmrefreshrate", "The number of packets to be transmitted > > after which the encryption key is switched to a new key", > > OFFSET(kmrefreshrate), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, > > .flags = D|E }, > > +{ "kmpreannounce", "The interval between when a new encryption > > key is sent and when switchover occurs", > > OFFSET(kmpreannounce), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, > > .flags = D|E }, > > { "mss","The Maximum Segment Size", > > OFFSET(mss), AV_OPT_TYPE_INT, { .i64 > > = -1 }, -1, 1500, .flags = D|E }, > > { "ffs","Flight flag size (window size) (in bytes)", > > OFFSET(ffs), AV_OPT_TYPE_INT, { .i64 > > = -1 }, -1, INT_MAX, .flags = D|E }, > > { "ipttl", "IP Time To Live", > > OFFSET(ipttl),AV_OPT_TYPE_INT, { .i64 > > = -1 }, -1, 255, .flags = D|E }, 
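Review bot: The help string for `enforced_encryption` does not say what turning the option off permits, which is the security-relevant half. Going by the texi text in this patch, with 0 a peer whose passphrase differs or who has none is no longer rejected, so a stream the operator believes is protected may run without working encryption. I would spell that out, e.g. `"Reject the connection unless both parties have the same passphrase set (0 accepts a mismatched or unencrypted peer)"`, which also drops the trailing space inside the current string. The entry defaults to -1, so the srt library's own default applies when the option is not given, and the texi "Default is true" holds only if that library default is true. The same entry is repeated in the two later copies of this patch on the page.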
> > @@ -321,6 +327,9 @@ static int libsrt_set_options_pre(URLContext *h, int fd) > > (s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, > > "SRTO_MAXBW", >maxbw, sizeof(s->maxbw)) < 0) || > > (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, > > "SRTO_PBKEYLEN", >pbkeylen, sizeof(s->pbkeylen)) < 0) || > > (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, > > "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) || > > +(s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, > > SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", > > >enforced_encryption,
Re: [FFmpeg-devel] [PATCH V4 2/2] lavf/libsrt: enable other encryption parameters
On Wed, 4 Dec 2019, Jun Zhao wrote: From: Jun Zhao Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/ SRTO_KMPREANNOUNCE for srt encryption control. Signed-off-by: Jun Zhao --- doc/protocols.texi | 20 libavformat/libsrt.c | 18 ++ 2 files changed, 38 insertions(+), 0 deletions(-) diff --git a/doc/protocols.texi b/doc/protocols.texi index 886c3b8..d2935fc 100644 --- a/doc/protocols.texi +++ b/doc/protocols.texi @@ -1282,6 +1282,26 @@ only if @option{pbkeylen} is non-zero. It is used on the receiver only if the received data is encrypted. The configured passphrase cannot be recovered (write-only). +@item enforced_encryption=@var{1|0} +If true, both connection parties must have the same password +set (including empty, that is, with no encryption). If the +password doesn't match or only one side is unencrypted, +the connection is rejected. Default is true. + +@item kmrefreshrate=@var{packets} +The number of packets to be transmitted after which the +encryption key is switched to a new key. Default is -1. +-1 means auto (0x100 in srt library). The range for +this option is integers in the 0 - @code{INT_MAX}. + +@item kmpreannounce=@var{packets} +The interval between when a new encryption key is sent and +when switchover occurs. This value also applies to the +subsequent interval between when switchover occurs and +when the old encryption key is decommissioned. Default is -1. +-1 means auto (0x1000 in srt library). The range for +this option is integers in the 0 - @code{INT_MAX}. + @item payload_size=@var{bytes} Sets the maximum declared size of a packet transferred during the single call to the sending function in Live diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c index 0a748a1..05a46c6 100644 --- a/libavformat/libsrt.c +++ b/libavformat/libsrt.c @@ -62,6 +62,9 @@ typedef struct SRTContext { int64_t maxbw; int pbkeylen; char *passphrase; +int enforced_encryption; +int kmrefreshrate; +int kmpreannounce; int mss; int ffs; int ipttl; 
@@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = {
{ "maxbw", "Maximum bandwidth (bytes per second) that the connection can use", OFFSET(maxbw),AV_OPT_TYPE_INT64,{ .i64 = -1 }, -1, INT64_MAX, .flags = D|E },
{ "pbkeylen", "Crypto key len in bytes {16,24,32} Default: 16 (128-bit)", OFFSET(pbkeylen), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 32, .flags = D|E },
{ "passphrase", "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable crypto", OFFSET(passphrase), AV_OPT_TYPE_STRING, { .str = NULL }, .flags = D|E },
+{ "enforced_encryption", "Enforces that both connection parties have the same passphrase set ", OFFSET(enforced_encryption), AV_OPT_TYPE_BOOL, { .i64 = -1 }, -1, 1, .flags = D|E },
+{ "kmrefreshrate", "The number of packets to be transmitted after which the encryption key is switched to a new key", OFFSET(kmrefreshrate), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, .flags = D|E },
+{ "kmpreannounce", "The interval between when a new encryption key is sent and when switchover occurs", OFFSET(kmpreannounce), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, .flags = D|E },
{ "mss","The Maximum Segment Size", OFFSET(mss), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 1500, .flags = D|E },
{ "ffs","Flight flag size (window size) (in bytes)", OFFSET(ffs), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, .flags = D|E },
{ "ipttl", "IP Time To Live", OFFSET(ipttl),AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 255, .flags = D|E },
@@ -321,6 +327,9 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
(s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, "SRTO_MAXBW", >maxbw, sizeof(s->maxbw)) < 0) ||
(s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", >pbkeylen, sizeof(s->pbkeylen)) < 0) ||
(s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) ||
+(s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", >enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
+(s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", >kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
+(s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", >kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||
These are only available since 1.3.2, so this should be guarded by #if SRT_VERSION_VALUE >= 0x010302
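Review bot: Nothing in this hunk ties `kmpreannounce` to `kmrefreshrate`: each is passed through on its own whenever it is >= 0, and the option table accepts anything up to INT_MAX for both. As far as I recall the srt API documentation, SRTO_KMPREANNOUNCE may not exceed (SRTO_KMREFRESHRATE - 1) / 2, so an inconsistent pair would only surface as a failed libsrt_setsockopt() at connect time. That should be confirmed against the srt headers and then stated where users see it, for instance a comment above the two added lines such as `/* srt rejects kmpreannounce > (kmrefreshrate - 1) / 2 */` plus a sentence in the option help. The texi text in this patch gives auto values of 0x100 for kmrefreshrate and 0x1000 for kmpreannounce, which would put the pre-announce interval above the refresh period, so one of the two figures looks wrong. The body of libsrt_set_options_pre continues outside the hunk, and the other two copies of this hunk on the page are cut off.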
[FFmpeg-devel] [PATCH V4 2/2] lavf/libsrt: enable other encryption parameters
From: Jun Zhao Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/ SRTO_KMPREANNOUNCE for srt encryption control. Signed-off-by: Jun Zhao --- doc/protocols.texi | 20 libavformat/libsrt.c | 18 ++ 2 files changed, 38 insertions(+), 0 deletions(-) diff --git a/doc/protocols.texi b/doc/protocols.texi index 886c3b8..d2935fc 100644 --- a/doc/protocols.texi +++ b/doc/protocols.texi @@ -1282,6 +1282,26 @@ only if @option{pbkeylen} is non-zero. It is used on the receiver only if the received data is encrypted. The configured passphrase cannot be recovered (write-only). +@item enforced_encryption=@var{1|0} +If true, both connection parties must have the same password +set (including empty, that is, with no encryption). If the +password doesn't match or only one side is unencrypted, +the connection is rejected. Default is true. + +@item kmrefreshrate=@var{packets} +The number of packets to be transmitted after which the +encryption key is switched to a new key. Default is -1. +-1 means auto (0x100 in srt library). The range for +this option is integers in the 0 - @code{INT_MAX}. + +@item kmpreannounce=@var{packets} +The interval between when a new encryption key is sent and +when switchover occurs. This value also applies to the +subsequent interval between when switchover occurs and +when the old encryption key is decommissioned. Default is -1. +-1 means auto (0x1000 in srt library). The range for +this option is integers in the 0 - @code{INT_MAX}. + @item payload_size=@var{bytes} Sets the maximum declared size of a packet transferred during the single call to the sending function in Live diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c index 0a748a1..05a46c6 100644 --- a/libavformat/libsrt.c +++ b/libavformat/libsrt.c @@ -62,6 +62,9 @@ typedef struct SRTContext { int64_t maxbw; int pbkeylen; char *passphrase; +int enforced_encryption; +int kmrefreshrate; +int kmpreannounce; int mss; int ffs; int ipttl; 
@@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = {
{ "maxbw", "Maximum bandwidth (bytes per second) that the connection can use", OFFSET(maxbw),AV_OPT_TYPE_INT64,{ .i64 = -1 }, -1, INT64_MAX, .flags = D|E },
{ "pbkeylen", "Crypto key len in bytes {16,24,32} Default: 16 (128-bit)", OFFSET(pbkeylen), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 32,.flags = D|E },
{ "passphrase", "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable crypto", OFFSET(passphrase), AV_OPT_TYPE_STRING, { .str = NULL }, .flags = D|E },
+{ "enforced_encryption", "Enforces that both connection parties have the same passphrase set ", OFFSET(enforced_encryption), AV_OPT_TYPE_BOOL, { .i64 = -1 }, -1, 1, .flags = D|E },
+{ "kmrefreshrate", "The number of packets to be transmitted after which the encryption key is switched to a new key", OFFSET(kmrefreshrate), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, .flags = D|E },
+{ "kmpreannounce", "The interval between when a new encryption key is sent and when switchover occurs", OFFSET(kmpreannounce), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, .flags = D|E },
{ "mss","The Maximum Segment Size", OFFSET(mss), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 1500, .flags = D|E },
{ "ffs","Flight flag size (window size) (in bytes)", OFFSET(ffs), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, .flags = D|E },
{ "ipttl", "IP Time To Live", OFFSET(ipttl),AV_OPT_TYPE_INT, { .i64 = -1 }, -1, 255, .flags = D|E },
@@ -321,6 +327,9 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
(s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, "SRTO_MAXBW", >maxbw, sizeof(s->maxbw)) < 0) ||
(s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", >pbkeylen, sizeof(s->pbkeylen)) < 0) ||
(s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) ||
+(s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", >enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
+(s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", >kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
+(s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", >kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||
(s->mss >= 0 && libsrt_setsockopt(h, fd, SRTO_MSS, "SRTO_MMS", >mss, sizeof(s->mss)) < 0) ||
(s->ffs