Re: [FFmpeg-devel] [PATCH V4 2/2] lavf/libsrt: enable other encryption parameters

2019-12-14 Thread myp...@gmail.com
On Sun, Dec 15, 2019 at 4:48 AM Marton Balint  wrote:
>
>
> On Wed, 4 Dec 2019, Jun Zhao wrote:
>
> > From: Jun Zhao 
> >
> > Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/
> > SRTO_KMPREANNOUNCE for srt encryption control.
> >
> > Signed-off-by: Jun Zhao 
> > ---
> > doc/protocols.texi   |   20 
> > libavformat/libsrt.c |   18 ++
> > 2 files changed, 38 insertions(+), 0 deletions(-)
> >
> > diff --git a/doc/protocols.texi b/doc/protocols.texi
> > index 886c3b8..d2935fc 100644
> > --- a/doc/protocols.texi
> > +++ b/doc/protocols.texi
> > @@ -1282,6 +1282,26 @@ only if @option{pbkeylen} is non-zero. It is used on
> > the receiver only if the received data is encrypted.
> > The configured passphrase cannot be recovered (write-only).
> >
> > +@item enforced_encryption=@var{1|0}
> > +If true, both connection parties must have the same password
> > +set (including empty, that is, with no encryption). If the
> > +password doesn't match or only one side is unencrypted,
> > +the connection is rejected. Default is true.
> > +
> > +@item kmrefreshrate=@var{packets}
> > +The number of packets to be transmitted after which the
> > +encryption key is switched to a new key. Default is -1.
> > +-1 means auto (0x100 in srt library). The range for
> > +this option is integers in the 0 - @code{INT_MAX}.
> > +
> > +@item kmpreannounce=@var{packets}
> > +The interval between when a new encryption key is sent and
> > +when switchover occurs. This value also applies to the
> > +subsequent interval between when switchover occurs and
> > +when the old encryption key is decommissioned. Default is -1.
> > +-1 means auto (0x1000 in srt library). The range for
> > +this option is integers in the 0 - @code{INT_MAX}.
> > +
> > @item payload_size=@var{bytes}
> > Sets the maximum declared size of a packet transferred
> > during the single call to the sending function in Live
> > diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
> > index 0a748a1..05a46c6 100644
> > --- a/libavformat/libsrt.c
> > +++ b/libavformat/libsrt.c
> > @@ -62,6 +62,9 @@ typedef struct SRTContext {
> > int64_t maxbw;
> > int pbkeylen;
> > char *passphrase;
> > +int enforced_encryption;
> > +int kmrefreshrate;
> > +int kmpreannounce;
> > int mss;
> > int ffs;
> > int ipttl;
> > @@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = {
> > { "maxbw",  "Maximum bandwidth (bytes per second) that the 
> > connection can use", OFFSET(maxbw),AV_OPT_TYPE_INT64,{ 
> > .i64 = -1 }, -1, INT64_MAX, .flags = D|E },
> > { "pbkeylen",   "Crypto key len in bytes {16,24,32} Default: 16 
> > (128-bit)", OFFSET(pbkeylen), AV_OPT_TYPE_INT,  { 
> > .i64 = -1 }, -1, 32,.flags = D|E },
> > { "passphrase", "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable 
> > crypto", OFFSET(passphrase),   AV_OPT_TYPE_STRING,   { .str 
> > = NULL },  .flags = D|E },
> > +{ "enforced_encryption", "Enforces that both connection parties have 
> > the same passphrase set ", 
> > OFFSET(enforced_encryption), AV_OPT_TYPE_BOOL,  { .i64 = -1 }, -1, 1,   
> >   .flags = D|E },
> > +{ "kmrefreshrate",   "The number of packets to be transmitted 
> > after which the encryption key is switched to a new key", 
> > OFFSET(kmrefreshrate),   AV_OPT_TYPE_INT,   { .i64 = -1 }, -1, INT_MAX, 
> >   .flags = D|E },
> > +{ "kmpreannounce",   "The interval between when a new encryption 
> > key is sent and when switchover occurs",   
> > OFFSET(kmpreannounce),   AV_OPT_TYPE_INT,   { .i64 = -1 }, -1, INT_MAX, 
> >   .flags = D|E },
> > { "mss","The Maximum Segment Size", 
> > OFFSET(mss),  AV_OPT_TYPE_INT,  { .i64 
> > = -1 }, -1, 1500,  .flags = D|E },
> > { "ffs","Flight flag size (window size) (in bytes)",
> > OFFSET(ffs),  AV_OPT_TYPE_INT,  { .i64 
> > = -1 }, -1, INT_MAX,   .flags = D|E },
> > { "ipttl",  "IP Time To Live",  
> > OFFSET(ipttl),AV_OPT_TYPE_INT,  { .i64 
> > = -1 }, -1, 255,   .flags = D|E },
> > @@ -321,6 +327,9 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
> > (s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, 
> > "SRTO_MAXBW", >maxbw, sizeof(s->maxbw)) < 0) ||
> > (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, 
> > "SRTO_PBKEYLEN", >pbkeylen, sizeof(s->pbkeylen)) < 0) ||
> > (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, 
> > "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) ||
> > +(s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, 
> > SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", 
> > >enforced_encryption, 

Re: [FFmpeg-devel] [PATCH V4 2/2] lavf/libsrt: enable other encryption parameters

2019-12-14 Thread Marton Balint


On Wed, 4 Dec 2019, Jun Zhao wrote:


From: Jun Zhao 

Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/
SRTO_KMPREANNOUNCE for srt encryption control.

Signed-off-by: Jun Zhao 
---
doc/protocols.texi   |   20 
libavformat/libsrt.c |   18 ++
2 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/doc/protocols.texi b/doc/protocols.texi
index 886c3b8..d2935fc 100644
--- a/doc/protocols.texi
+++ b/doc/protocols.texi
@@ -1282,6 +1282,26 @@ only if @option{pbkeylen} is non-zero. It is used on
the receiver only if the received data is encrypted.
The configured passphrase cannot be recovered (write-only).

+@item enforced_encryption=@var{1|0}
+If true, both connection parties must have the same password
+set (including empty, that is, with no encryption). If the
+password doesn't match or only one side is unencrypted,
+the connection is rejected. Default is true.
+
+@item kmrefreshrate=@var{packets}
+The number of packets to be transmitted after which the
+encryption key is switched to a new key. Default is -1.
+-1 means auto (0x100 in srt library). The range for
+this option is integers in the 0 - @code{INT_MAX}.
+
+@item kmpreannounce=@var{packets}
+The interval between when a new encryption key is sent and
+when switchover occurs. This value also applies to the
+subsequent interval between when switchover occurs and
+when the old encryption key is decommissioned. Default is -1.
+-1 means auto (0x1000 in srt library). The range for
+this option is integers in the 0 - @code{INT_MAX}.
+
@item payload_size=@var{bytes}
Sets the maximum declared size of a packet transferred
during the single call to the sending function in Live
diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
index 0a748a1..05a46c6 100644
--- a/libavformat/libsrt.c
+++ b/libavformat/libsrt.c
@@ -62,6 +62,9 @@ typedef struct SRTContext {
int64_t maxbw;
int pbkeylen;
char *passphrase;
+int enforced_encryption;
+int kmrefreshrate;
+int kmpreannounce;
int mss;
int ffs;
int ipttl;
@@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = {
{ "maxbw",  "Maximum bandwidth (bytes per second) that the connection 
can use", OFFSET(maxbw),AV_OPT_TYPE_INT64,{ .i64 = -1 }, -1, INT64_MAX, 
.flags = D|E },
{ "pbkeylen",   "Crypto key len in bytes {16,24,32} Default: 16 
(128-bit)", OFFSET(pbkeylen), AV_OPT_TYPE_INT,  { .i64 = -1 }, -1, 32, 
   .flags = D|E },
{ "passphrase", "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable 
crypto", OFFSET(passphrase),   AV_OPT_TYPE_STRING,   { .str = NULL },  
.flags = D|E },
+{ "enforced_encryption", "Enforces that both connection parties have the same 
passphrase set ", OFFSET(enforced_encryption), AV_OPT_TYPE_BOOL,  
{ .i64 = -1 }, -1, 1, .flags = D|E },
+{ "kmrefreshrate",   "The number of packets to be transmitted after which 
the encryption key is switched to a new key", OFFSET(kmrefreshrate),   AV_OPT_TYPE_INT,   
{ .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
+{ "kmpreannounce",   "The interval between when a new encryption key is 
sent and when switchover occurs",   OFFSET(kmpreannounce),   AV_OPT_TYPE_INT,  
 { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
{ "mss","The Maximum Segment Size", 
OFFSET(mss),  AV_OPT_TYPE_INT,  { .i64 = -1 }, -1, 1500,  
.flags = D|E },
{ "ffs","Flight flag size (window size) (in bytes)",
OFFSET(ffs),  AV_OPT_TYPE_INT,  { .i64 = -1 }, -1, INT_MAX,   
.flags = D|E },
{ "ipttl",  "IP Time To Live",  
OFFSET(ipttl),AV_OPT_TYPE_INT,  { .i64 = -1 }, -1, 255,   
.flags = D|E },
@@ -321,6 +327,9 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
(s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, "SRTO_MAXBW", 
>maxbw, sizeof(s->maxbw)) < 0) ||
(s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", 
>pbkeylen, sizeof(s->pbkeylen)) < 0) ||
(s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", 
s->passphrase, strlen(s->passphrase)) < 0) ||
+(s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, 
"SRTO_ENFORCEDENCRYPTION", >enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
+(s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, 
"SRTO_KMREFRESHRATE", >kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
+(s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, 
"SRTO_KMPREANNOUNCE", >kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||


These options are only available since libsrt 1.3.2, so this should be guarded by
#if SRT_VERSION_VALUE >= 0x010302

[FFmpeg-devel] [PATCH V4 2/2] lavf/libsrt: enable other encryption parameters

2019-12-04 Thread Jun Zhao
From: Jun Zhao 

Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/
SRTO_KMPREANNOUNCE for srt encryption control.

Signed-off-by: Jun Zhao 
---
 doc/protocols.texi   |   20 
 libavformat/libsrt.c |   18 ++
 2 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/doc/protocols.texi b/doc/protocols.texi
index 886c3b8..d2935fc 100644
--- a/doc/protocols.texi
+++ b/doc/protocols.texi
@@ -1282,6 +1282,26 @@ only if @option{pbkeylen} is non-zero. It is used on
 the receiver only if the received data is encrypted.
 The configured passphrase cannot be recovered (write-only).
 
+@item enforced_encryption=@var{1|0}
+If true, both connection parties must have the same password
+set (including empty, that is, with no encryption). If the
+password doesn't match or only one side is unencrypted,
+the connection is rejected. Default is true.
+
+@item kmrefreshrate=@var{packets}
+The number of packets to be transmitted after which the
+encryption key is switched to a new key. Default is -1.
+-1 means auto (0x100 in srt library). The range for
+this option is integers in the 0 - @code{INT_MAX}.
+
+@item kmpreannounce=@var{packets}
+The interval between when a new encryption key is sent and
+when switchover occurs. This value also applies to the
+subsequent interval between when switchover occurs and
+when the old encryption key is decommissioned. Default is -1.
+-1 means auto (0x1000 in srt library). The range for
+this option is integers in the 0 - @code{INT_MAX}.
+
 @item payload_size=@var{bytes}
 Sets the maximum declared size of a packet transferred
 during the single call to the sending function in Live
diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
index 0a748a1..05a46c6 100644
--- a/libavformat/libsrt.c
+++ b/libavformat/libsrt.c
@@ -62,6 +62,9 @@ typedef struct SRTContext {
 int64_t maxbw;
 int pbkeylen;
 char *passphrase;
+int enforced_encryption;
+int kmrefreshrate;
+int kmpreannounce;
 int mss;
 int ffs;
 int ipttl;
@@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = {
 { "maxbw",  "Maximum bandwidth (bytes per second) that the 
connection can use", OFFSET(maxbw),AV_OPT_TYPE_INT64,{ .i64 
= -1 }, -1, INT64_MAX, .flags = D|E },
 { "pbkeylen",   "Crypto key len in bytes {16,24,32} Default: 16 
(128-bit)", OFFSET(pbkeylen), AV_OPT_TYPE_INT,  { .i64 
= -1 }, -1, 32,.flags = D|E },
 { "passphrase", "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable 
crypto", OFFSET(passphrase),   AV_OPT_TYPE_STRING,   { .str = 
NULL },  .flags = D|E },
+{ "enforced_encryption", "Enforces that both connection parties have the 
same passphrase set ", OFFSET(enforced_encryption), 
AV_OPT_TYPE_BOOL,  { .i64 = -1 }, -1, 1, .flags = D|E },
+{ "kmrefreshrate",   "The number of packets to be transmitted after 
which the encryption key is switched to a new key", OFFSET(kmrefreshrate),  
 AV_OPT_TYPE_INT,   { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
+{ "kmpreannounce",   "The interval between when a new encryption key 
is sent and when switchover occurs",   OFFSET(kmpreannounce),   
AV_OPT_TYPE_INT,   { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
 { "mss","The Maximum Segment Size",
 OFFSET(mss),  AV_OPT_TYPE_INT,  { .i64 = -1 }, 
-1, 1500,  .flags = D|E },
 { "ffs","Flight flag size (window size) (in bytes)",   
 OFFSET(ffs),  AV_OPT_TYPE_INT,  { .i64 = -1 }, 
-1, INT_MAX,   .flags = D|E },
 { "ipttl",  "IP Time To Live", 
 OFFSET(ipttl),AV_OPT_TYPE_INT,  { .i64 = -1 }, 
-1, 255,   .flags = D|E },
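Review bot: The `enforced_encryption` entry defaults to `-1`, which the `>= 0` test in the `libsrt_set_options_pre` hunk treats as "leave the socket option unset", while the doc/protocols.texi hunk says "Default is true"; the two should agree, for example `Default is -1 (auto), which keeps the libsrt default`. The help string ends in a stray space and does not say what turning the option off allows. Since the documentation says a mismatched or unencrypted peer is rejected only when the option is true, a text such as `"Reject the connection unless both peers have the same passphrase set (0 accepts a mismatched or unencrypted peer)"` would make the trade-off visible in the option help. `kmpreannounce` accepts any value up to `INT_MAX` independently of `kmrefreshrate`; libsrt appears to limit the pre-announce interval relative to the refresh rate, so the docs should say that an out-of-range pair is refused at socket setup (to be confirmed against the libsrt version in use). The same hunk is quoted in the two replies above, and the `libsrt_options[]` array starts and ends outside the hunk.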
@@ -321,6 +327,9 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
 (s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, "SRTO_MAXBW", 
>maxbw, sizeof(s->maxbw)) < 0) ||
 (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, 
"SRTO_PBKEYLEN", >pbkeylen, sizeof(s->pbkeylen)) < 0) ||
 (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, 
"SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) ||
+(s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, 
SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", >enforced_encryption, 
sizeof(s->enforced_encryption)) < 0) ||
+(s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, 
"SRTO_KMREFRESHRATE", >kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
+(s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, 
"SRTO_KMPREANNOUNCE", >kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||
 (s->mss >= 0 && libsrt_setsockopt(h, fd, SRTO_MSS, "SRTO_MMS", 
>mss, sizeof(s->mss)) < 0) ||
 (s->ffs