[FFmpeg-devel] [PATCH V3 2/2] lavf/libsrt: enable other encryption parameters

Michael Niedermayer michael at niedermayer.cc
Tue Dec 3 17:01:39 EET 2019


On Tue, Dec 03, 2019 at 06:57:27PM +0800, Jun Zhao wrote:
> From: Jun Zhao <barryjzhao at tencent.com>
> 
> Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/
> SRTO_KMPREANNOUNCE for srt encryption control.
> 
> Signed-off-by: Jun Zhao <barryjzhao at tencent.com>
> ---
>  doc/protocols.texi   |   16 ++++++++++++++++
>  libavformat/libsrt.c |   18 ++++++++++++++++++
>  2 files changed, 34 insertions(+), 0 deletions(-)
> 
> diff --git a/doc/protocols.texi b/doc/protocols.texi
> index eab6242..04f6e8b 100644
> --- a/doc/protocols.texi
> +++ b/doc/protocols.texi
> @@ -1282,6 +1282,22 @@ only if @option{pbkeylen} is non-zero. It is used on
>  the receiver only if the received data is encrypted.
>  The configured passphrase cannot be recovered (write-only).
>  
> + at item enforced_encryption=@var{1|0}
> +If true, both connection parties must have the same password
> +set (including empty, that is, with no encryption). If the
> +password doesn't match or only one side is unencrypted,
> +the connection is rejected. Default is true.
> +
> + at item kmrefreshrate=@var{n}
> +The number of packets to be transmitted after which the
> +encryption key is switched to a new key.
> +
> + at item kmpreannounce=@var{n}
> +The interval between when a new encryption key is sent and
> +when switchover occurs. This value also applies to the
> +subsequent interval between when switchover occurs and
> +when the old encryption key is decommissioned.
> +
>  @item payload_size=@var{bytes}
>  Sets the maximum declared size of a packet transferred
>  during the single call to the sending function in Live
> diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
> index 0a748a1..06f2c02 100644
> --- a/libavformat/libsrt.c
> +++ b/libavformat/libsrt.c
> @@ -62,6 +62,9 @@ typedef struct SRTContext {
>      int64_t maxbw;
>      int pbkeylen;
>      char *passphrase;
> +    int enforced_encryption;
> +    int kmrefreshrate;
> +    int kmpreannounce;
>      int mss;
>      int ffs;
>      int ipttl;

> @@ -102,6 +105,9 @@ static const AVOption libsrt_options[] = {
>      { "maxbw",          "Maximum bandwidth (bytes per second) that the connection can use",     OFFSET(maxbw),            AV_OPT_TYPE_INT64,    { .i64 = -1 }, -1, INT64_MAX, .flags = D|E },
>      { "pbkeylen",       "Crypto key len in bytes {16,24,32} Default: 16 (128-bit)",             OFFSET(pbkeylen),         AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 32,        .flags = D|E },
>      { "passphrase",     "Crypto PBKDF2 Passphrase size[0,10..64] 0:disable crypto",             OFFSET(passphrase),       AV_OPT_TYPE_STRING,   { .str = NULL },              .flags = D|E },

> +    { "enforced_encryption",      "Enforces that both connection parties have the same passphrase set ", OFFSET(enforced_encryption),        AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 1,         .flags = D|E },

is this intended to be INT and not AV_OPT_TYPE_BOOL ?


> +    { "kmrefreshrate",         "The number of packets to be transmitted after which the encryption key is switched to a new key", OFFSET(kmrefreshrate),           AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
> +    { "kmpreannounce",         "The interval between when a new encryption key is sent and when switchover occurs", OFFSET(kmpreannounce),           AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
>      { "mss",            "The Maximum Segment Size",                                             OFFSET(mss),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 1500,      .flags = D|E },
>      { "ffs",            "Flight flag size (window size) (in bytes)",                            OFFSET(ffs),              AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, INT_MAX,   .flags = D|E },
>      { "ipttl",          "IP Time To Live",                                                      OFFSET(ipttl),            AV_OPT_TYPE_INT,      { .i64 = -1 }, -1, 255,       .flags = D|E },

The added options are alot more randomly formated than the surrounding ones

otherwise the patch should be good

thx


[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20191203/a9ec2078/attachment.sig>


More information about the ffmpeg-devel mailing list