[FFmpeg-devel] [PATCH] libaf/hlsenc: allow dynamic encryption key rotation
DeHackEd
git at dehacked.net
Sat Aug 5 06:20:12 EEST 2017
On 08/04/2017 10:36 PM, Steven Liu wrote:
> 2017-08-05 8:17 GMT+08:00 DeHackEd <git at dehacked.net>:
>> Signed-off-by: DHE <git at dehacked.net>
>> ---
>> doc/muxers.texi | 7 ++++++-
>> libavformat/hlsenc.c | 4 +++-
>> 2 files changed, 9 insertions(+), 2 deletions(-)
>>
>> diff --git a/doc/muxers.texi b/doc/muxers.texi
>> index 94472ce..a7324a4 100644
>> --- a/doc/muxers.texi
>> +++ b/doc/muxers.texi
>> @@ -551,7 +551,7 @@ format. The optional third line specifies the initialization vector (IV) as a
>> hexadecimal string to be used instead of the segment sequence number (default)
>> for encryption. Changes to @var{key_info_file} will result in segment
>> encryption with the new key/IV and an entry in the playlist for the new key
>> -URI/IV.
>> +URI/IV if @code{hls_flags periodic_rekey} is enabled.
>>
>> Key info file format:
>> @example
>> @@ -665,6 +665,11 @@ first segment's information.
>> @item omit_endlist
>> Do not append the @code{EXT-X-ENDLIST} tag at the end of the playlist.
>>
>> + at item periodic_rekey
>> +The file specified by @code{hls_key_info} will be checked periodically and
>> +detect updates to the encryption info. Be sure to replace this file atomically,
>> +including the file containing the AES encryption key.
>> +
>> @item split_by_time
>> Allow segments to start on frames other than keyframes. This improves
>> behavior on some players when the time between keyframes is inconsistent,
>> diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
>> index 5cf8c89..4d2e7fb 100644
>> --- a/libavformat/hlsenc.c
>> +++ b/libavformat/hlsenc.c
>> @@ -85,6 +85,7 @@ typedef enum HLSFlags {
>> HLS_SECOND_LEVEL_SEGMENT_DURATION = (1 << 9), // include segment duration (microsec) in segment filenames when use_localtime e.g.: %%09t
>> HLS_SECOND_LEVEL_SEGMENT_SIZE = (1 << 10), // include segment size (bytes) in segment filenames when use_localtime e.g.: %%014s
>> HLS_TEMP_FILE = (1 << 11),
>> + HLS_PERIODIC_REKEY = (1 << 12),
>> } HLSFlags;
>>
>> typedef enum {
>> @@ -1236,7 +1237,7 @@ static int hls_start(AVFormatContext *s)
>> " will use -hls_key_info_file priority\n");
>> }
>>
>> - if (c->number <= 1) {
>> + if (c->number <= 1 && !(c->flags & HLS_PERIODIC_REKEY)) {
> it will always false when use HLS_PERIODIC_REKEY, then will not enable
> hls encryption.
Oops. Yeah I screwed that up pretty bad. I'll redo it.
>> if (c->key_info_file) {
>> if ((err = hls_encryption_start(s)) < 0)
>> goto fail;
>> @@ -1804,6 +1805,7 @@ static const AVOption options[] = {
>> {"second_level_segment_index", "include segment index in segment filenames when use_localtime", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_SECOND_LEVEL_SEGMENT_INDEX }, 0, UINT_MAX, E, "flags"},
>> {"second_level_segment_duration", "include segment duration in segment filenames when use_localtime", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_SECOND_LEVEL_SEGMENT_DURATION }, 0, UINT_MAX, E, "flags"},
>> {"second_level_segment_size", "include segment size in segment filenames when use_localtime", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_SECOND_LEVEL_SEGMENT_SIZE }, 0, UINT_MAX, E, "flags"},
>> + {"periodic_rekey", "reload keyinfo file periodically for re-keying", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_PERIODIC_REKEY }, 0, UINT_MAX, E, "flags"},
>> {"use_localtime", "set filename expansion with strftime at segment creation", OFFSET(use_localtime), AV_OPT_TYPE_BOOL, {.i64 = 0 }, 0, 1, E },
>> {"use_localtime_mkdir", "create last directory component in strftime-generated filename", OFFSET(use_localtime_mkdir), AV_OPT_TYPE_BOOL, {.i64 = 0 }, 0, 1, E },
>> {"hls_playlist_type", "set the HLS playlist type", OFFSET(pl_type), AV_OPT_TYPE_INT, {.i64 = PLAYLIST_TYPE_NONE }, 0, PLAYLIST_TYPE_NB-1, E, "pl_type" },
>> --
>> 1.8.4.1
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel at ffmpeg.org
>> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
More information about the ffmpeg-devel
mailing list