Partially based on Christian Suloway <csulo...@globaleagleent.com> work. --- libavformat/hlsenc.c | 189 ++++++++++++++++++++++++++++++++++++++++++++++----- libavutil/opt.c | 1 + 2 files changed, 172 insertions(+), 18 deletions(-)
diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index 96b780f..5990adb 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c @@ -25,7 +25,9 @@ #include "libavutil/mathematics.h" #include "libavutil/parseutils.h" #include "libavutil/avstring.h" +#include "libavutil/intreadwrite.h" #include "libavutil/opt.h" +#include "libavutil/random_seed.h" #include "libavutil/log.h" #include "avformat.h" @@ -60,8 +62,93 @@ typedef struct HLSContext { ListEntry *end_list; char *basename; char *baseurl; + + int encrypt; // Set by a private option. + char *key; // Set by a private option. + char *key_url; // Set by a private option. + char *iv; // Set by a private option. + + char *key_basename; + + AVDictionary *enc_opts; } HLSContext; +static void fill_random(char hex[33]) +{ + uint8_t buf[16]; + int i; + + for (i = 0; i < sizeof(buf); i++) + buf[i] = av_get_random_seed(); + + ff_data_to_hex(hex, buf, sizeof(buf), 0); + hex[32] = '\0'; +} + +static void free_encryption(AVFormatContext *s) +{ + HLSContext *hls = s->priv_data; + + av_dict_free(&hls->enc_opts); + + av_freep(&hls->key_basename); +} + +static int setup_encryption(AVFormatContext *s) +{ + HLSContext *hls = s->priv_data; + AVIOContext *out = NULL; + int len, ret; + uint8_t buf[16]; + char key[33], *k; + + len = strlen(hls->basename) + 4 + 1; + hls->key_basename = av_mallocz(len); + if (!hls->key_basename) + return AVERROR(ENOMEM); + + av_strlcpy(hls->key_basename, hls->basename + 7, len); + av_strlcat(hls->key_basename, ".key", len); + + if (hls->key) { + if ((len = ff_hex_to_data(NULL, hls->key)) != 16) { + av_log(s, AV_LOG_ERROR, "Invalid key size %d, expected 16-bytes hex-coded key\n", len); + return AVERROR(EINVAL); + } + if ((ret = av_dict_set(&hls->enc_opts, "key", hls->key, 0)) < 0) + return ret; + k = hls->key; + } else { + fill_random(key); + + av_log(s, AV_LOG_VERBOSE, "Using key: %s\n", key); + + if ((ret = av_dict_set(&hls->enc_opts, "key", key, 0)) < 0) + return ret; + k = key; + } + + if (hls->iv) { + if ((len = ff_hex_to_data(NULL, hls->iv)) != 16) { + av_log(s, AV_LOG_ERROR, "Invalid key size %d, expected 16-bytes hex-coded initialization vector\n", len); + return AVERROR(EINVAL); + } + if ((ret = av_dict_set(&hls->enc_opts, "iv", hls->iv, 0)) < 0) + return ret; + } + + if ((ret = s->io_open(s, &out, hls->key_basename, AVIO_FLAG_WRITE, NULL)) < 0) + return ret; + + ff_hex_to_data(buf, k); + + avio_write(out, buf, 16); + + avio_close(out); + + return 0; +} + static int hls_mux_init(AVFormatContext *s) { HLSContext *hls = s->priv_data; @@ -165,6 +252,24 @@ static int hls_window(AVFormatContext *s, int last) sequence); for (en = hls->list; en; en = en->next) { + if (hls->encrypt) { + char *key_url; + + if (hls->key_url) + key_url = hls->key_url; + else + key_url = hls->baseurl; + + avio_printf(out, "#EXT-X-KEY:METHOD=AES-128"); + avio_printf(out, ",URI=\""); + if (key_url) + avio_printf(out, "%s", key_url); + avio_printf(out, "%s\"", av_basename(hls->key_basename)); + if (hls->iv) + avio_printf(out, ",IV=\"0x%s\"", hls->iv); + avio_printf(out, "\n"); + } + if (hls->version > 2) avio_printf(out, "#EXTINF:%f\n", (double)en->duration / AV_TIME_BASE); @@ -191,18 +296,75 @@ static int hls_start(AVFormatContext *s) HLSContext *c = s->priv_data; AVFormatContext *oc = c->avf; int err = 0; + AVDictionary *opts = NULL; + if (av_get_frame_filename(oc->filename, sizeof(oc->filename), c->basename, c->wrap ? c->sequence % c->wrap : c->sequence) < 0) return AVERROR(EINVAL); c->number++; - if ((err = s->io_open(s, &oc->pb, oc->filename, AVIO_FLAG_WRITE, NULL)) < 0) + if (c->encrypt) { + if ((err = av_dict_copy(&opts, c->enc_opts, 0)) < 0) + return err; + if (!c->iv) { + uint8_t iv[16] = { 0 }; + char buf[33]; + + AV_WB64(iv + 8, c->sequence); + ff_data_to_hex(buf, iv, sizeof(iv), 0); + buf[32] = '\0'; + + if ((err = av_dict_set(&opts, "iv", buf, 0)) < 0) + goto fail; + } + } + + if ((err = s->io_open(s, &oc->pb, oc->filename, AVIO_FLAG_WRITE, &opts)) < 0) return err; if (oc->oformat->priv_class && oc->priv_data) av_opt_set(oc->priv_data, "mpegts_flags", "resend_headers", 0); +fail: + av_dict_free(&opts); + + return err; +} + +static int hls_setup(AVFormatContext *s) +{ + HLSContext *hls = s->priv_data; + const char *pattern = "%d.ts"; + int basename_size = strlen(s->filename) + strlen(pattern) + 1; + char *p; + + if (hls->encrypt) + basename_size += 7; + + hls->basename = av_mallocz(basename_size); + if (!hls->basename) + return AVERROR(ENOMEM); + + // TODO: support protocol nesting? + if (hls->encrypt) + strcpy(hls->basename, "crypto:"); + + av_strlcat(hls->basename, s->filename, basename_size); + + p = strrchr(hls->basename, '.'); + + if (p) + *p = '\0'; + + if (hls->encrypt) { + int ret = setup_encryption(s); + if (ret < 0) + return ret; + } + + av_strlcat(hls->basename, pattern, basename_size); + return 0; } @@ -210,9 +372,6 @@ static int hls_write_header(AVFormatContext *s) { HLSContext *hls = s->priv_data; int ret, i; - char *p; - const char *pattern = "%d.ts"; - int basename_size = strlen(s->filename) + strlen(pattern) + 1; hls->sequence = hls->start_sequence; hls->recording_time = hls->time * AV_TIME_BASE; @@ -234,21 +393,8 @@ static int hls_write_header(AVFormatContext *s) goto fail; } - hls->basename = av_malloc(basename_size); - - if (!hls->basename) { - ret = AVERROR(ENOMEM); + if ((ret = hls_setup(s)) < 0) goto fail; - } - - strcpy(hls->basename, s->filename); - - p = strrchr(hls->basename, '.'); - - if (p) - *p = '\0'; - - av_strlcat(hls->basename, pattern, basename_size); if ((ret = hls_mux_init(s)) < 0) goto fail; @@ -265,6 +411,8 @@ fail: av_free(hls->basename); if (hls->avf) avformat_free_context(hls->avf); + + free_encryption(s); } return ret; } @@ -332,6 +480,7 @@ static int hls_write_trailer(struct AVFormatContext *s) hls_window(s, 1); free_entries(hls); + free_encryption(s); return 0; } @@ -345,6 +494,10 @@ static const AVOption options[] = { {"hls_allow_cache", "explicitly set whether the client MAY (1) or MUST NOT (0) cache media segments", OFFSET(allowcache), AV_OPT_TYPE_INT, {.i64 = -1}, INT_MIN, INT_MAX, E}, {"hls_base_url", "url to prepend to each playlist entry", OFFSET(baseurl), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, E}, {"hls_version", "protocol version", OFFSET(version), AV_OPT_TYPE_INT, {.i64 = 3}, 2, 3, E}, + {"hls_enc", "AES128 encryption support", OFFSET(encrypt), AV_OPT_TYPE_INT, {.i64 = 0}, 0, 1, E}, + {"hls_enc_key", "use the specified hex-coded 16byte key to encrypt the segments", OFFSET(key), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, E}, + {"hls_enc_key_url", "url to access the key to decrypt the segments", OFFSET(key_url), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, E}, + {"hls_enc_iv", "use the specified hex-coded 16byte initialization vector", OFFSET(iv), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, E}, { NULL }, }; diff --git a/libavutil/opt.c b/libavutil/opt.c index 7cb3d66..ff13f73 100644 --- a/libavutil/opt.c +++ b/libavutil/opt.c @@ -744,6 +744,7 @@ int av_opt_set_dict(void *obj, AVDictionary **options) av_dict_set(&tmp, t->key, t->value, 0); else if (ret < 0) { av_log(obj, AV_LOG_ERROR, "Error setting option %s to value %s.\n", t->key, t->value); + abort(); break; } ret = 0; -- 2.9.2 _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel