From 424da308302bef604844d3110a39f2f03bf5358e Mon Sep 17 00:00:00 2001 From: Martin Storsjö Date: Sat, 20 Oct 2012 23:18:01 +0300 Subject: rtsp: Support decryption of SRTP signalled via RFC 4568 (SDES) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This only takes care of decrypting incoming packets; the outgoing RTCP packets are not encrypted. This is enough for some use cases, and signalling crypto keys for use with outgoing RTCP packets doesn't fit as simply into the API. If the SDP demuxer is hooked up with custom IO, the return packets can be encrypted e.g. via the SRTP protocol. If the SRTP keys aren't available within the SDP, the decryption can be handled externally as well (when using custom IO). Signed-off-by: Martin Storsjö --- libavformat/Makefile | 3 ++- libavformat/rtpdec.c | 14 +++++++++++++- libavformat/rtpdec.h | 6 ++++++ libavformat/rtsp.c | 12 ++++++++++++ libavformat/rtsp.h | 3 +++ libavformat/version.h | 2 +- 6 files changed, 37 insertions(+), 3 deletions(-) (limited to 'libavformat') diff --git a/libavformat/Makefile b/libavformat/Makefile index 2d663300fd..7c0b926407 100644 --- a/libavformat/Makefile +++ b/libavformat/Makefile @@ -40,7 +40,8 @@ OBJS-$(CONFIG_RTPDEC) += rdt.o \ rtpdec_qt.o \ rtpdec_svq3.o \ rtpdec_vp8.o \ - rtpdec_xiph.o + rtpdec_xiph.o \ + srtp.o OBJS-$(CONFIG_RTPENC_CHAIN) += rtpenc_chain.o rtp.o # muxers/demuxers diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c index 73d02069ea..e052ee6f33 100644 --- a/libavformat/rtpdec.c +++ b/libavformat/rtpdec.c @@ -26,6 +26,7 @@ #include "avformat.h" #include "mpegts.h" #include "network.h" +#include "srtp.h" #include "url.h" #include "rtpdec.h" #include "rtpdec_formats.h" @@ -543,6 +544,13 @@ void ff_rtp_parse_set_dynamic_protocol(RTPDemuxContext *s, PayloadContext *ctx, s->handler = handler; } +void ff_rtp_parse_set_crypto(RTPDemuxContext *s, const char *suite, + const char *params) +{ + if (!ff_srtp_set_crypto(&s->srtp, suite, params)) + s->srtp_enabled = 1; +} + /** * This was the second switch in rtp_parse packet. * Normalizes time, if required, sets stream_index, etc. @@ -876,7 +884,10 @@ static int rtp_parse_one_packet(RTPDemuxContext *s, AVPacket *pkt, int ff_rtp_parse_packet(RTPDemuxContext *s, AVPacket *pkt, uint8_t **bufptr, int len) { - int rv = rtp_parse_one_packet(s, pkt, bufptr, len); + int rv; + if (s->srtp_enabled && bufptr && ff_srtp_decrypt(&s->srtp, *bufptr, &len) < 0) + return -1; + rv = rtp_parse_one_packet(s, pkt, bufptr, len); s->prev_ret = rv; while (rv == AVERROR(EAGAIN) && has_next_packet(s)) rv = rtp_parse_queued_packet(s, pkt); @@ -889,6 +900,7 @@ void ff_rtp_parse_close(RTPDemuxContext *s) if (!strcmp(ff_rtp_enc_name(s->payload_type), "MP2T")) { ff_mpegts_parse_close(s->ts); } + ff_srtp_free(&s->srtp); av_free(s); } diff --git a/libavformat/rtpdec.h b/libavformat/rtpdec.h index b34e099b32..eaef993d09 100644 --- a/libavformat/rtpdec.h +++ b/libavformat/rtpdec.h @@ -27,6 +27,7 @@ #include "avformat.h" #include "rtp.h" #include "url.h" +#include "srtp.h" typedef struct PayloadContext PayloadContext; typedef struct RTPDynamicProtocolHandler RTPDynamicProtocolHandler; @@ -43,6 +44,8 @@ RTPDemuxContext *ff_rtp_parse_open(AVFormatContext *s1, AVStream *st, int payload_type, int queue_size); void ff_rtp_parse_set_dynamic_protocol(RTPDemuxContext *s, PayloadContext *ctx, RTPDynamicProtocolHandler *handler); +void ff_rtp_parse_set_crypto(RTPDemuxContext *s, const char *suite, + const char *params); int ff_rtp_parse_packet(RTPDemuxContext *s, AVPacket *pkt, uint8_t **buf, int len); void ff_rtp_parse_close(RTPDemuxContext *s); @@ -163,6 +166,9 @@ struct RTPDemuxContext { /* used to send back RTCP RR */ char hostname[256]; + int srtp_enabled; + struct SRTPContext srtp; + /** Statistics for this stream (used by RTCP receiver reports) */ RTPStatistics statistics; diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c index 05058d014a..9a657fb440 100644 --- a/libavformat/rtsp.c +++ b/libavformat/rtsp.c @@ -479,6 +479,14 @@ static void sdp_parse_line(AVFormatContext *s, SDPParseState *s1, s->nb_streams > 0) { st = s->streams[s->nb_streams - 1]; st->codec->sample_rate = atoi(p); + } else if (av_strstart(p, "crypto:", &p) && s->nb_streams > 0) { + // RFC 4568 + rtsp_st = rt->rtsp_streams[rt->nb_rtsp_streams - 1]; + get_word(buf1, sizeof(buf1), &p); // ignore tag + get_word(rtsp_st->crypto_suite, sizeof(rtsp_st->crypto_suite), &p); + p += strspn(p, SPACE_CHARS); + if (av_strstart(p, "inline:", &p)) + get_word(rtsp_st->crypto_params, sizeof(rtsp_st->crypto_params), &p); } else { if (rt->server_type == RTSP_SERVER_WMS) ff_wms_parse_sdp_a_line(s, p); @@ -652,6 +660,10 @@ int ff_rtsp_open_transport_ctx(AVFormatContext *s, RTSPStream *rtsp_st) rtsp_st->dynamic_protocol_context, rtsp_st->dynamic_handler); } + if (rtsp_st->crypto_suite[0]) + ff_rtp_parse_set_crypto(rtsp_st->transport_priv, + rtsp_st->crypto_suite, + rtsp_st->crypto_params); } return 0; diff --git a/libavformat/rtsp.h b/libavformat/rtsp.h index e8d57f283a..44240c1d0f 100644 --- a/libavformat/rtsp.h +++ b/libavformat/rtsp.h @@ -440,6 +440,9 @@ typedef struct RTSPStream { /** Enable sending RTCP feedback messages according to RFC 4585 */ int feedback; + + char crypto_suite[40]; + char crypto_params[100]; } RTSPStream; void ff_rtsp_parse_line(RTSPMessageHeader *reply, const char *buf, diff --git a/libavformat/version.h b/libavformat/version.h index 2944d5e1f8..cb6bc7727c 100644 --- a/libavformat/version.h +++ b/libavformat/version.h @@ -31,7 +31,7 @@ #define LIBAVFORMAT_VERSION_MAJOR 54 #define LIBAVFORMAT_VERSION_MINOR 20 -#define LIBAVFORMAT_VERSION_MICRO 4 +#define LIBAVFORMAT_VERSION_MICRO 5 #define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \ LIBAVFORMAT_VERSION_MINOR, \ -- cgit v1.2.3 From 2f3bada63e57345329c4f9b48e9b81b5cfc03d05 Mon Sep 17 00:00:00 2001 From: Martin Storsjö Date: Wed, 12 Dec 2012 00:22:48 +0200 Subject: lavf: Add a protocol for SRTP encryption/decryption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is mostly useful for encryption together with the RTP muxer, but could also be set up as IO towards the peer with the SDP demuxer with custom IO. Signed-off-by: Martin Storsjö --- libavformat/Makefile | 1 + libavformat/allformats.c | 1 + libavformat/srtpproto.c | 144 +++++++++++++++++++++++++++++++++++++++++++++++ libavformat/version.h | 4 +- 4 files changed, 148 insertions(+), 2 deletions(-) create mode 100644 libavformat/srtpproto.c (limited to 'libavformat') diff --git a/libavformat/Makefile b/libavformat/Makefile index 7c0b926407..1f008a9255 100644 --- a/libavformat/Makefile +++ b/libavformat/Makefile @@ -367,6 +367,7 @@ OBJS-$(CONFIG_RTMPTE_PROTOCOL) += rtmpproto.o rtmppkt.o OBJS-$(CONFIG_RTMPTS_PROTOCOL) += rtmpproto.o rtmppkt.o OBJS-$(CONFIG_RTP_PROTOCOL) += rtpproto.o OBJS-$(CONFIG_SCTP_PROTOCOL) += sctp.o +OBJS-$(CONFIG_SRTP_PROTOCOL) += srtpproto.o srtp.o OBJS-$(CONFIG_TCP_PROTOCOL) += tcp.o OBJS-$(CONFIG_TLS_PROTOCOL) += tls.o OBJS-$(CONFIG_UDP_PROTOCOL) += udp.o diff --git a/libavformat/allformats.c b/libavformat/allformats.c index 34cf566b0f..4aae223c68 100644 --- a/libavformat/allformats.c +++ b/libavformat/allformats.c @@ -280,6 +280,7 @@ void av_register_all(void) REGISTER_PROTOCOL(RTMPTS, rtmpts); REGISTER_PROTOCOL(RTP, rtp); REGISTER_PROTOCOL(SCTP, sctp); + REGISTER_PROTOCOL(SRTP, srtp); REGISTER_PROTOCOL(TCP, tcp); REGISTER_PROTOCOL(TLS, tls); REGISTER_PROTOCOL(UDP, udp); diff --git a/libavformat/srtpproto.c b/libavformat/srtpproto.c new file mode 100644 index 0000000000..1cacfdbb06 --- /dev/null +++ b/libavformat/srtpproto.c @@ -0,0 +1,144 @@ +/* + * SRTP network protocol + * Copyright (c) 2012 Martin Storsjo + * + * This file is part of Libav. + * + * Libav is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * Libav is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with Libav; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "libavutil/opt.h" +#include "avformat.h" +#include "avio_internal.h" +#include "url.h" + +#include "internal.h" +#include "srtp.h" + +typedef struct SRTPProtoContext { + const AVClass *class; + URLContext *rtp_hd; + const char *out_suite, *out_params; + const char *in_suite, *in_params; + struct SRTPContext srtp_out, srtp_in; + uint8_t encryptbuf[1500]; +} SRTPProtoContext; + +#define D AV_OPT_FLAG_DECODING_PARAM +#define E AV_OPT_FLAG_ENCODING_PARAM +static const AVOption options[] = { + { "srtp_out_suite", "", offsetof(SRTPProtoContext, out_suite), AV_OPT_TYPE_STRING, { .str = NULL }, 0, 0, E }, + { "srtp_out_params", "", offsetof(SRTPProtoContext, out_params), AV_OPT_TYPE_STRING, { .str = NULL }, 0, 0, E }, + { "srtp_in_suite", "", offsetof(SRTPProtoContext, in_suite), AV_OPT_TYPE_STRING, { .str = NULL }, 0, 0, E }, + { "srtp_in_params", "", offsetof(SRTPProtoContext, in_params), AV_OPT_TYPE_STRING, { .str = NULL }, 0, 0, E }, + { NULL } +}; + +static const AVClass srtp_context_class = { + .class_name = "srtp", + .item_name = av_default_item_name, + .option = options, + .version = LIBAVUTIL_VERSION_INT, +}; + +static int srtp_close(URLContext *h) +{ + SRTPProtoContext *s = h->priv_data; + ff_srtp_free(&s->srtp_out); + ff_srtp_free(&s->srtp_in); + ffurl_close(s->rtp_hd); + s->rtp_hd = NULL; + return 0; +} + +static int srtp_open(URLContext *h, const char *uri, int flags) +{ + SRTPProtoContext *s = h->priv_data; + char hostname[256], buf[1024], path[1024]; + int rtp_port, ret; + + if (s->out_suite && s->out_params) + if ((ret = ff_srtp_set_crypto(&s->srtp_out, s->out_suite, s->out_params)) < 0) + goto fail; + if (s->in_suite && s->in_params) + if ((ret = ff_srtp_set_crypto(&s->srtp_in, s->in_suite, s->in_params)) < 0) + goto fail; + + av_url_split(NULL, 0, NULL, 0, hostname, sizeof(hostname), &rtp_port, + path, sizeof(path), uri); + ff_url_join(buf, sizeof(buf), "rtp", NULL, hostname, rtp_port, "%s", path); + if ((ret = ffurl_open(&s->rtp_hd, buf, flags, &h->interrupt_callback, NULL)) < 0) + goto fail; + + h->max_packet_size = FFMIN(s->rtp_hd->max_packet_size, + sizeof(s->encryptbuf)) - 14; + h->is_streamed = 1; + return 0; + +fail: + srtp_close(h); + return ret; +} + +static int srtp_read(URLContext *h, uint8_t *buf, int size) +{ + SRTPProtoContext *s = h->priv_data; + int ret; +start: + ret = ffurl_read(s->rtp_hd, buf, size); + if (ret > 0 && s->srtp_in.aes) { + if (ff_srtp_decrypt(&s->srtp_in, buf, &ret) < 0) + goto start; + } + return ret; +} + +static int srtp_write(URLContext *h, const uint8_t *buf, int size) +{ + SRTPProtoContext *s = h->priv_data; + if (!s->srtp_out.aes) + return ffurl_write(s->rtp_hd, buf, size); + size = ff_srtp_encrypt(&s->srtp_out, buf, size, s->encryptbuf, + sizeof(s->encryptbuf)); + if (size < 0) + return size; + return ffurl_write(s->rtp_hd, s->encryptbuf, size); +} + +static int srtp_get_file_handle(URLContext *h) +{ + SRTPProtoContext *s = h->priv_data; + return ffurl_get_file_handle(s->rtp_hd); +} + +static int srtp_get_multi_file_handle(URLContext *h, int **handles, + int *numhandles) +{ + SRTPProtoContext *s = h->priv_data; + return ffurl_get_multi_file_handle(s->rtp_hd, handles, numhandles); +} + +URLProtocol ff_srtp_protocol = { + .name = "srtp", + .url_open = srtp_open, + .url_read = srtp_read, + .url_write = srtp_write, + .url_close = srtp_close, + .url_get_file_handle = srtp_get_file_handle, + .url_get_multi_file_handle = srtp_get_multi_file_handle, + .priv_data_size = sizeof(SRTPProtoContext), + .priv_data_class = &srtp_context_class, + .flags = URL_PROTOCOL_FLAG_NETWORK, +}; diff --git a/libavformat/version.h b/libavformat/version.h index cb6bc7727c..89f1f6c603 100644 --- a/libavformat/version.h +++ b/libavformat/version.h @@ -30,8 +30,8 @@ #include "libavutil/avutil.h" #define LIBAVFORMAT_VERSION_MAJOR 54 -#define LIBAVFORMAT_VERSION_MINOR 20 -#define LIBAVFORMAT_VERSION_MICRO 5 +#define LIBAVFORMAT_VERSION_MINOR 21 +#define LIBAVFORMAT_VERSION_MICRO 0 #define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \ LIBAVFORMAT_VERSION_MINOR, \ -- cgit v1.2.3