[FFmpeg-devel] [PATCH 4/4] avformat/hlsenc: added HLS encryption

Christian Suloway csuloway at row44.com
Mon Dec 1 19:55:31 CET 2014


HLS encryption with key URL & key containing file specified with
-hls_key_info_file (key info updates when modified). Option for IV from
segment number or random generation (-hls_random_iv).

Signed-off-by: Christian Suloway <csuloway at globaleagleent.com>
---
 libavformat/hlsenc.c | 225 +++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 218 insertions(+), 7 deletions(-)

diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
index 11817a9..c7bd1be 100644
--- a/libavformat/hlsenc.c
+++ b/libavformat/hlsenc.c
@@ -33,16 +33,23 @@
 #include "libavutil/avstring.h"
 #include "libavutil/opt.h"
 #include "libavutil/log.h"
+#include "libavutil/lfg.h"
+#include "libavutil/random_seed.h"
 
 #include "avformat.h"
 #include "internal.h"
 
+#define BLOCKSIZE 16
+
 typedef struct HLSSegment {
     char *filename;
     double duration; /* in seconds */
     int64_t pos;
     int64_t size;
 
+    char *key_uri;
+    char *iv_string;
+
     struct HLSSegment *next;
 } HLSSegment;
 
@@ -88,12 +95,25 @@ typedef struct HLSContext {
 
     char *segment_filename;
 
+    char *key_info_file;
+    int random_iv;
+    int encrypt;
+
+    char *key_file;
+    char *key_uri;
+    char *key_string;
+    char *iv_string;
+
+    AVLFG *lfg;
+
     AVIOContext *pb;
 } HLSContext;
 
 static void hls_free_segment(HLSSegment *en)
 {
     av_freep(&en->filename);
+    av_freep(&en->key_uri);
+    av_freep(&en->iv_string);
     av_freep(&en);
 }
 
@@ -143,6 +163,137 @@ static int hls_delete_old_segments(HLSContext *hls) {
     return 0;
 }
 
+static int hls_encryption_init(AVFormatContext *s)
+{
+    HLSContext *hls = s->priv_data;
+
+    hls->key_file = NULL;
+    hls->key_uri = NULL;
+    hls->key_string = NULL;
+    hls->iv_string = NULL;
+
+    if (hls->key_info_file) {
+        hls->encrypt = 1;
+    } else {
+        hls->encrypt = 0;
+        return 0;
+    }
+
+    if (hls->random_iv) {
+        hls->lfg = av_malloc(sizeof(AVLFG));
+        av_lfg_init(hls->lfg, av_get_random_seed());
+    } else
+        hls->lfg = NULL;
+
+    return 0;
+}
+
+static int hls_encryption_start(HLSContext *hls) {
+
+    uint8_t *iv = NULL;
+    int ret, i, j, rotate_iv = 0;
+    unsigned int u;
+    AVIOContext *pb = NULL;
+    AVIOContext *dyn_buf = NULL;
+    uint8_t buf[1024], *tmp;
+    char *p, *tstr, *saveptr = NULL;
+    char key[BLOCKSIZE], *key_string;
+
+    if ((ret = avio_open(&pb, hls->key_info_file, AVIO_FLAG_READ)) < 0) {
+        av_log(hls, AV_LOG_ERROR, "error opening key info file %s\n",
+                                  hls->key_info_file);
+        return ret;
+    }
+    ret = avio_open_dyn_buf(&dyn_buf);
+    if (ret < 0) {
+        avio_closep(&pb);
+        return ret;
+    }
+
+    while ((ret = avio_read(pb, buf, sizeof(buf))) > 0)
+        avio_write(dyn_buf, buf, ret);
+    avio_w8(dyn_buf, 0);
+    avio_closep(&pb);
+
+    if ((ret = avio_close_dyn_buf(dyn_buf, &tmp)) < 0)
+        return ret;
+
+    p = tmp;
+    if (!(tstr = av_strtok(p, "\n", &saveptr)) || !*tstr) {
+        av_log(hls, AV_LOG_ERROR, "no key URL specified in key info file %s\n",
+                                  hls->key_info_file);
+        return AVERROR(EINVAL);
+    }
+    p = NULL;
+    av_free(hls->key_uri);
+    hls->key_uri = av_strdup(tstr);
+    if (!hls->key_uri)
+        return AVERROR(ENOMEM);
+    if (!(tstr = av_strtok(p, "\n", &saveptr)) || !*tstr) {
+        av_log(hls, AV_LOG_ERROR, "no key file specified in key info file %s\n",
+                                  hls->key_info_file);
+        return AVERROR(EINVAL);
+    }
+    av_free(hls->key_file);
+    hls->key_file = av_strdup(tstr);
+    if (!hls->key_file)
+        return AVERROR(ENOMEM);
+    av_free(tmp);
+
+    if ((ret = avio_open(&pb, hls->key_file, AVIO_FLAG_READ)) < 0) {
+        av_log(hls, AV_LOG_ERROR, "error opening key file %s\n",
+                                  hls->key_file);
+        return ret;
+    }
+
+    ret = avio_read(pb, key, sizeof(key));
+    avio_closep(&pb);
+    if (ret < sizeof(key)) {
+        av_log(hls, AV_LOG_ERROR, "error reading key file %s\n",
+                                  hls->key_file);
+        return ret;
+    }
+
+    key_string = av_mallocz(BLOCKSIZE*2 + 1);
+    if (!key_string)
+        return AVERROR(ENOMEM);
+    ff_data_to_hex(key_string, key, BLOCKSIZE, 0);
+    if (!hls->key_string || strncmp(key_string, hls->key_string, BLOCKSIZE*2)) {
+        av_free(hls->key_string);
+        hls->key_string = key_string;
+        rotate_iv = 1;
+    } else {
+        av_free(key_string);
+    }
+
+    if (!hls->random_iv) {
+        iv = av_mallocz(BLOCKSIZE);
+        if (!iv)
+            return AVERROR(ENOMEM);
+        for (i = 0; i < 8; i++)
+            iv[BLOCKSIZE - 1 - i ] = (hls->sequence >> i*8) & 0xff;
+    } else if (!hls->iv_string || rotate_iv) {
+        iv = av_malloc(BLOCKSIZE);
+        if (!iv)
+            return AVERROR(ENOMEM);
+        for (i = 0; i < BLOCKSIZE/4; i++) {
+            u = av_lfg_get(hls->lfg);
+            for (j = 0; j < 4; j++)
+                iv[i*4 + j] = (u >> j*8) & 0xff;
+        }
+    }
+    if (iv) {
+        av_free(hls->iv_string);
+        hls->iv_string = av_mallocz(BLOCKSIZE*2 + 1);
+        if (!hls->iv_string)
+            return AVERROR(ENOMEM);
+        ff_data_to_hex(hls->iv_string, iv, BLOCKSIZE, 0);
+        av_free(iv);
+    }
+
+    return 0;
+}
+
 static int hls_mux_init(AVFormatContext *s)
 {
     HLSContext *hls = s->priv_data;
@@ -191,6 +342,18 @@ static int hls_append_segment(HLSContext *hls, double duration, int64_t pos,
     en->size     = size;
     en->next     = NULL;
 
+    if (hls->encrypt) {
+        en->key_uri = av_strdup(hls->key_uri);
+        if (!en->key_uri)
+            return AVERROR(ENOMEM);
+        en->iv_string = av_strdup(hls->iv_string);
+        if (!en->iv_string)
+            return AVERROR(ENOMEM);
+    } else {
+        en->key_uri = NULL;
+        en->iv_string = NULL;
+    }
+
     if (!hls->segments)
         hls->segments = en;
     else
@@ -228,6 +391,14 @@ static void hls_free_segments(HLSSegment *p)
     }
 }
 
+static void print_encryption_tag(HLSContext *hls, HLSSegment *en)
+{
+    avio_printf(hls->pb, "#EXT-X-KEY:METHOD=AES-128,URI=\"%s\"", en->key_uri);
+    if (hls->random_iv)
+        avio_printf(hls->pb, ",IV=0x%s", en->iv_string);
+    avio_printf(hls->pb, "\n");
+}
+
 static int hls_window(AVFormatContext *s, int last)
 {
     HLSContext *hls = s->priv_data;
@@ -236,6 +407,8 @@ static int hls_window(AVFormatContext *s, int last)
     int ret = 0;
     int64_t sequence = FFMAX(hls->start_sequence, hls->sequence - hls->nb_entries);
     int version = hls->flags & HLS_SINGLE_FILE ? 4 : 3;
+    char *key_uri = NULL;
+    char *iv_string = NULL;
 
     if ((ret = avio_open2(&hls->pb, s->filename, AVIO_FLAG_WRITE,
                           &s->interrupt_callback, NULL)) < 0)
@@ -258,6 +431,16 @@ static int hls_window(AVFormatContext *s, int last)
            sequence);
 
     for (en = hls->segments; en; en = en->next) {
+        if (hls->encrypt) {
+            if (!key_uri || av_strcasecmp(en->key_uri, key_uri) ||
+                hls->random_iv &&
+                (!iv_string || av_strcasecmp(en->iv_string, iv_string))) {
+                print_encryption_tag(hls, en);
+                key_uri = en->key_uri;
+                iv_string = en->iv_string;
+            }
+        }
+
         avio_printf(hls->pb, "#EXTINF:%f,\n", en->duration);
         if (hls->flags & HLS_SINGLE_FILE)
              avio_printf(hls->pb, "#EXT-X-BYTERANGE:%"PRIi64"@%"PRIi64"\n",
@@ -280,6 +463,8 @@ static int hls_start(AVFormatContext *s)
     HLSContext *c = s->priv_data;
     AVFormatContext *oc = c->avf;
     int err = 0;
+    AVDictionary *options = NULL;
+    const char *prefix = "crypto:";
     int filename_size;
     char *filename;
 
@@ -294,17 +479,32 @@ static int hls_start(AVFormatContext *s)
         }
     c->number++;
 
-    filename_size = strlen(c->dirname) + strlen(oc->filename) + 1;
-    filename = av_malloc(filename_size);
-    if (!filename)
-        return AVERROR(ENOMEM);
-    *filename = '\0';
+    if (c->encrypt) {
+        if ((err = hls_encryption_start(c)) < 0)
+            return err;
+        av_dict_set(&options, "encryption_key", c->key_string, 0);
+        av_dict_set(&options, "encryption_iv", c->iv_string, 0);
+
+        filename_size = strlen(prefix) + strlen(c->dirname) \
+                                       + strlen(oc->filename) + 1;
+        filename = av_malloc(filename_size);
+        if (!filename)
+            return AVERROR(ENOMEM);
+        av_strlcpy(filename, prefix, filename_size);
+    } else {
+        filename_size = strlen(c->dirname) + strlen(oc->filename) + 1;
+        filename = av_malloc(filename_size);
+        if (!filename)
+            return AVERROR(ENOMEM);
+        *filename = '\0';
+    }
     av_strlcat(filename, c->dirname, filename_size);
     av_strlcat(filename, oc->filename, filename_size);
 
     err = avio_open2(&oc->pb, filename, AVIO_FLAG_WRITE,
-                     &s->interrupt_callback, NULL);
+                     &s->interrupt_callback, &options);
     av_free(filename);
+    av_dict_free(&options);
     if (err < 0)
         return err;
 
@@ -392,6 +592,9 @@ static int hls_write_header(AVFormatContext *s)
 
     *basename = '\0';
 
+    if ((ret = hls_encryption_init(s)) < 0)
+        goto fail;
+
     if ((ret = hls_mux_init(s)) < 0)
         goto fail;
 
@@ -502,9 +705,15 @@ static int hls_write_trailer(struct AVFormatContext *s)
     hls->avf = NULL;
     hls_window(s, 1);
 
+    av_free(hls->dirname);
+    av_free(hls->key_file);
+    av_free(hls->key_uri);
+    av_free(hls->key_string);
+    av_free(hls->iv_string);
+    av_free(hls->lfg);
+
     hls_free_segments(hls->segments);
     hls_free_segments(hls->old_segments);
-    av_free(hls->dirname);
 
     avio_close(hls->pb);
 
@@ -525,6 +734,8 @@ static const AVOption options[] = {
     {"hls_flags",     "set flags affecting HLS playlist and media file generation", OFFSET(flags), AV_OPT_TYPE_FLAGS, {.i64 = 0 }, 0, UINT_MAX, E, "flags"},
     {"single_file",   "generate a single media file indexed with byte ranges", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_SINGLE_FILE }, 0, UINT_MAX,   E, "flags"},
     {"hls_segment_filename", "filename template for segment files", OFFSET(segment_filename),   AV_OPT_TYPE_STRING, {.str = NULL},            0,       0,         E},
+    {"hls_key_info_file",    "file with key URL and key file path", OFFSET(key_info_file),      AV_OPT_TYPE_STRING, {.str = NULL},            0,       0,         E},
+    {"hls_random_iv",        "randomize initialization vector",     OFFSET(random_iv),          AV_OPT_TYPE_INT,    {.i64 = 0},               0,       1,         E},
 
     { NULL },
 };
-- 
1.9.3 (Apple Git-50)



More information about the ffmpeg-devel mailing list