On Wed, 4 Dec 2019, Jun Zhao wrote:

From: Jun Zhao <barryjz...@tencent.com>

Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/
SRTO_KMPREANNOUNCE for srt encryption control.

Signed-off-by: Jun Zhao <barryjz...@tencent.com>
---
doc/protocols.texi   |   20 ++++++++++++++++++++
libavformat/libsrt.c |   18 ++++++++++++++++++
2 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/doc/protocols.texi b/doc/protocols.texi
index 886c3b8..d2935fc 100644
--- a/doc/protocols.texi
+++ b/doc/protocols.texi
@@ -1282,6 +1282,26 @@ only if @option{pbkeylen} is non-zero. It is used on
the receiver only if the received data is encrypted.
The configured passphrase cannot be recovered (write-only).

+@item enforced_encryption=@var{1|0}
+If true, both connection parties must have the same password
+set (including empty, that is, with no encryption). If the
+password doesn't match or only one side is unencrypted,
+the connection is rejected. Default is true.
+
+@item kmrefreshrate=@var{packets}
+The number of packets to be transmitted after which the
+encryption key is switched to a new key. Default is -1.
+-1 means auto (0x1000000 in srt library). The range for
+this option is integers in the 0 - @code{INT_MAX}.
+
+@item kmpreannounce=@var{packets}
+The interval between when a new encryption key is sent and
+when switchover occurs. This value also applies to the
+subsequent interval between when switchover occurs and
+when the old encryption key is decommissioned. Default is -1.
+-1 means auto (0x1000 in srt library). The range for
+this option is integers in the 0 - @code{INT_MAX}.
+
@item payload_size=@var{bytes}
Sets the maximum declared size of a packet transferred
during the single call to the sending function in Live
diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
index 0a748a1..05a46c6 100644
--- a/libavformat/libsrt.c
+++ b/libavformat/libsrt.c
@@ -62,6 +62,9 @@ typedef struct SRTContext {
    int64_t maxbw;
    int pbkeylen;
    char *passphrase;
+    int enforced_encryption;
+    int kmrefreshrate;
+    int kmpreannounce;
    int mss;
    int ffs;
    int ipttl;
@@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = {
    { "maxbw",          "Maximum bandwidth (bytes per second) that the connection 
can use",     OFFSET(maxbw),            AV_OPT_TYPE_INT64,    { .i64 = -1 }, -1, INT64_MAX, 
.flags = D|E },
    { "pbkeylen",       "Crypto key len in bytes {16,24,32} Default: 16 
(128-bit)",             OFFSET(pbkeylen),         AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 32, 
       .flags = D|E },
    { "passphrase",     "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable 
crypto",             OFFSET(passphrase),       AV_OPT_TYPE_STRING,   { .str = NULL },          
    .flags = D|E },
+    { "enforced_encryption", "Enforces that both connection parties have the same 
passphrase set ",                             OFFSET(enforced_encryption), AV_OPT_TYPE_BOOL,  
{ .i64 = -1 }, -1, 1,         .flags = D|E },
+    { "kmrefreshrate",       "The number of packets to be transmitted after which 
the encryption key is switched to a new key", OFFSET(kmrefreshrate),       AV_OPT_TYPE_INT,   
{ .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
+    { "kmpreannounce",       "The interval between when a new encryption key is 
sent and when switchover occurs",               OFFSET(kmpreannounce),       AV_OPT_TYPE_INT,  
 { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
    { "mss",            "The Maximum Segment Size",                             
                OFFSET(mss),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 1500,      
.flags = D|E },
    { "ffs",            "Flight flag size (window size) (in bytes)",            
                OFFSET(ffs),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, INT_MAX,   
.flags = D|E },
    { "ipttl",          "IP Time To Live",                                      
                OFFSET(ipttl),            AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 255,       
.flags = D|E },
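Review bot: The help string for `enforced_encryption` ends in a stray space and does not say what switching the option off permits. Going by the documentation text in this same patch, with the option off a passphrase mismatch or a one-sided unencrypted setup is no longer rejected, so the string should say so, e.g. `"Reject the connection unless both peers use the same passphrase (0 permits mismatched or unencrypted peers)"`. The texi entry also states "Default is true" while the option default here is `-1`, which leaves the choice to the library; wording it as the library default would keep the two in agreement. The `libsrt_options` table starts and ends outside this hunk.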
@@ -321,6 +327,9 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
        (s->maxbw >= 0 && libsrt_setsockopt(h, fd, SRTO_MAXBW, "SRTO_MAXBW", 
&s->maxbw, sizeof(s->maxbw)) < 0) ||
        (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", 
&s->pbkeylen, sizeof(s->pbkeylen)) < 0) ||
        (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", 
s->passphrase, strlen(s->passphrase)) < 0) ||
+        (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, 
"SRTO_ENFORCEDENCRYPTION", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
+        (s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, 
"SRTO_KMREFRESHRATE", &s->kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
+        (s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, 
"SRTO_KMPREANNOUNCE", &s->kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||

These are only available since 1.3.2, so this should be guarded by #if SRT_VERSION_VALUE >= 0x010302 or something similar.

Instead of SRTO_ENFORCEDENCRYPTION, SRTO_STRICTENC should be used for compatibility, because the rename only happened in 1.4.0.

        (s->mss >= 0 && libsrt_setsockopt(h, fd, SRTO_MSS, "SRTO_MMS", &s->mss, 
sizeof(s->mss)) < 0) ||
        (s->ffs >= 0 && libsrt_setsockopt(h, fd, SRTO_FC, "SRTO_FC", &s->ffs, 
sizeof(s->ffs)) < 0) ||
        (s->ipttl >= 0 && libsrt_setsockopt(h, fd, SRTO_IPTTL, "SRTO_UPTTL", 
&s->ipttl, sizeof(s->ipttl)) < 0) ||
@@ -506,6 +515,15 @@ static int libsrt_open(URLContext *h, const char *uri, int 
flags)
        if (av_find_info_tag(buf, sizeof(buf), "passphrase", p)) {
            s->passphrase = av_strndup(buf, strlen(buf));
        }
+        if (av_find_info_tag(buf, sizeof(buf), "enforced_encryption", p)) {
+            s->enforced_encryption = strtol(buf, NULL, 10);
+        }
+        if (av_find_info_tag(buf, sizeof(buf), "kmrefreshrate", p)) {
+            s->kmrefreshrate = strtol(buf, NULL, 10);
+        }
+        if (av_find_info_tag(buf, sizeof(buf), "kmpreannounce", p)) {
+            s->kmpreannounce = strtol(buf, NULL, 10);
+        }
        if (av_find_info_tag(buf, sizeof(buf), "mss", p)) {
            s->mss = strtol(buf, NULL, 10);
        }
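Review bot: The three added `strtol(buf, NULL, 10)` assignments take values from the URI query string unchecked, so the ranges declared in `libsrt_options` are not applied to them. A non-numeric value such as `enforced_encryption=abc` parses as 0, which the `>= 0` test in `libsrt_set_options_pre` then passes to the socket as "enforcement off", and a `long` outside `int` range is narrowed on assignment. For the security-relevant flag at least, parse with an end pointer and reject anything but 0 or 1, e.g. `v = strtol(buf, &end, 10); if (end == buf || *end || v < 0 || v > 1) return AVERROR(EINVAL);`, with the same treatment and a 0..INT_MAX bound for `kmrefreshrate` and `kmpreannounce`. The neighbouring `mss` line follows the same unchecked pattern, and `libsrt_open` continues outside the hunk, so any early return has to match its cleanup path, which is not visible here.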
--

Regards,
Marton