gst-crypto GStreamer插件

内容

gst-crypto概述

RidgeRun的gst-crypto插件是一个GStreamer插件,可以轻松加密或解密通过GStreamer管道传递的内容。gst-crypto将利用任何可用的加密硬件加速器。gst-crypto基于OpenSSL,因此gst-crypto可以支持OpenSSL支持的任何加密技术。该插件支持任何支持opensl的​​加密/解密芯片,仅验证了aes-128-cbc和aes-256-cbc密码。 gst-crypto源代码尚未针对安全性缺陷进行专家审查。

另外,gst-crypto不支持查找和某些多路复用器/多路分解器,请在需要时咨询。解决方案支持解密时进行查找。

gst-crypto GStreamer插件功能

  • 验证aes-128-cbc和aes-256-cbc密码支持
  • 密码或密钥/ iv设置
  • GStreamer 0.10.x支持
  • GStreamer 1.x支持
  • 将摄像头的音频/视频直接捕获到加密的媒体文件中。
  • 解密流音频/视频并渲染到本地显示器/扬声器。

用例范例

GStreamer插件支持

获取所需的任何修改或扩展,以及与其他嵌入式Linux系统(例如Ubuntu,Yocto等)的集成。

在本地Linux PC上构建并运行

在Ubuntu-14.04 64位上测试:

源代码获取

git clone git@github.com:RidgeRun / gst-crypto
cd gst-crypto

GStreamer 0.10.x

git checkout release-0.10

GStreamer 1.x

git checkout release-1.0

注意:也有带标签的版本。

Compilation

./autogen.sh
./configure --libdir=/usr/lib/x86_64-linux-gnu/
make 
sudo make install

插件的位置可能会因系统而异。下表总结了不同设置的一些标准位置

如果不想安装到系统中,可以使用以下命令指定目录路径:

GST_PLUGIN_PATH=src/.libs/ gst-launch ....

gst-crypto源代码

https://github.com/RidgeRun/gst-crypto

SDK集成

可以使用SDK:

GStreamer 0.10.x

注意: v0.10.0gst-crypto-0.10.0.tar.gz)包含一个bug错误,该错误将GStreamer插件命名为gst-crypto而不是crypto。在运行测试管道时,记住这一点。

子目录结构

fs/apps/gst-crypto-0.10.0/Config

 config FS_APPS_GST_CRYPTO
        bool "gst-crypto-0.10.0"
        select FS_APPS_GSTREAMER_PLUGINS_BASE
        help
          This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-0.10.0/Makefile

 #$L$
 # Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 
 ##$L$
 
 PKG_URL=*********************
 PKG_TARBALL=gst-crypto-0.10.0.tar.gz
 PKG_SHA1SUM=61fdeeeb81cc339764a0c637fcd486c3861fa1a8
 
 include ../../../bsp/classes/rrsdk.class
 include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-0.10.0/metainfo

 TARGET_REQUIRED="gstreamer gst-plugins-base"

SDK GStreamer configuration

Execution
 `make env`
  make config
Configuration
 File System Configuration  --->
   Select target's file system software  --->
     [*] gst-crypto-0.10.0

GStreamer 1.x

Subdirectory structure

fs/apps/gst-crypto-1.0/Config

 config FS_APPS_GST_CRYPTO
        bool "gst-crypto-1.0"
        select FS_APPS_GSTREAMER_PLUGINS_BASE
        help
          This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-1.0/Makefile

 #$L$
 # Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 
 ##$L$
 
 PKG_URL=https://www.ridgerun.com/packages
 PKG_TARBALL=gst-crypto-1.0.tar.gz
 PKG_SHA1SUM=321bf7787bd4a4667c2f150df84bf6a9c138a15a
 
 include ../../../bsp/classes/rrsdk.class
 include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-1.0/metainfo

 TARGET_REQUIRED="gstreamer gst-plugins-base"

RR SDK GStreamer configuration

Execution
`make env`
 make config
Configuration
 File System Configuration  --->
   Select target's file system software  --->
     [*] gst-crypto-1.0

Example pipelines

Test pipeline

GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10
echo "This is a crypto test ... " > plain.txt && gst-launch filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer.0.10
echo "This is a crypto test ... " > plain.txt && gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=plain.txt ! crypto mode=enc ! gst-crypto mode=dec ! filesink location=dec.txt && cat dec.txt

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

 GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>

GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0  filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto  ! <some other elements>

Creating an encrypted video with the openssl tool and playback

Download demo video

wget http://blender-mirror.kino3d.org/peach/bigbuckbunny_movies/big_buck_bunny_720p_surround.avi

Encrypt

openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_720p_surround.avi -out big_buck_bunny_720p_surround.avi.enc

Playback

Playback on a local display
GStreamer 0.10.x
On RR SDK after regular installation to /usr/lib/gstreamer-0.10
gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
GStreamer 1.x
On RR SDK after regular installation to /usr/lib/gstreamer-1.0
gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! decodebin ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto  ! <some other elements>
Streaming to a host
On the target board
GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10 

gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10 

gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0 

gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0 

gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
On the host
gst-launch udpsrc port=3000 ! mpegtsdemux ! queue ! decodebin ! fpsdisplaysink sync=true async=false

Encoding/Decoding Playback Pipelines

GStreamer 1.0

  • TS - encrypting with gstcrypto
gst-launch-1.0 -e videotestsrc is-live=true !  x264enc  ! queue ! h264parse ! mpegtsmux !  filesink location=test.ts sync=true
gst-launch-1.0 filesrc location=test.ts ! crypto mode=enc ! filesink location=test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • AVI - encrypting with gstcrypto
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
gst-launch-1.0 filesrc location=test.avi ! crypto mode=enc ! filesink location=test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • QuickTime - encrypting with gstcrypto
wget https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_480p_h264.mov
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov ! crypto mode=enc ! filesink location=big_buck_bunny_480p_h264.mov.enc
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.enc ! crypto mode=dec ! filesink location=big_buck_bunny_480p_h264.mov.dec
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.dec ! qtdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • TS - encrypting with openssl
gst-launch-1.0 -e videotestsrc is-live=true !  x264enc  ! queue ! h264parse ! mpegtsmux !  filesink location=test.ts sync=true
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.ts -out test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • AVI - encrypting with openssl
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.avi -out test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

Encoding/Decoding Livestream Pipelines

GStreamer 1.0

  • TS - Encrypting Camera livestream with GstCrypto to a file
gst-launch-1.0 -e v4l2src device=/dev/video0 ! queue !  x264enc  ! queue ! h264parse ! mpegtsmux ! queue ! rndbuffersize min=4096 max=4096 !  crypto mode=enc ! filesink location=live.ts.enc
  • TS - Decrypt encoded file from the camera livestream
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • TS - Decrypt encoded file to a video file
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsparse ! queue ! filesink location=live.ts sync=false

Encoding/Decoding Udpstream

GStreamer 1.0

H264 + Transport Stream
  • Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! x264enc ! h264parse ! mpegtsmux ! tsparse ! rndbuffersize min=4096 max=4096  ! queue  ! crypto mode=enc ! queue ! udpsink port=5000
  • Receiver: Decrypt to a file
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec  ! queue  ! tsparse ! queue  ! filesink location=udpstream.ts
  • Receiver: Save encrypted udpstream
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! filesink location=udpstream.ts.enc
Jpeg
  • Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! jpegenc ! queue ! rndbuffersize min=4096 max=4096  ! queue  ! crypto mode=enc  ! queue ! udpsink port=5000
  • Receiver: Decrypt to a display
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec  ! queue  ! jpegparse ! jpegdec  ! queue  ! xvimagesink sync=false

Encoding/Decoding on the Fly

GStreamer 1.0

  • Encoding, decoding and sending output to display in one pipeline
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! jpegenc ! queue ! rndbuffersize min=4096 max=4096 ! crypto mode=enc ! queue  ! crypto mode=dec !  jpegparse  ! jpegdec  ! xvimagesink

使用加密硬件加速

加密硬件加速可以与插件透明使用,并且可以独立配置。

有一些注意事项:

  • MCU是否包括硬件加密单元(例如,i.MX6上的CAAM)?
  • 哪种设置可以提高性能(例如,i.MX6上的数据块大小)?
  • 硬件加密单元和内核驱动程序是否支持要使用的密码?
  • 内核驱动程序是否有效实施?

gst-crypto GStreamer插件的更多相关文章

  1. GStreamer插件分类

    gst-plugins-base一套小而固定的插件,涵盖各种可能类型的elements; 这些在开发系列期间随着核心变化而不断更新.我们相信分销商可以安全地发行这些插件.人们编写插件应该将他们的代码基 ...

  2. gstreamer应用笔记

    gstreamer官网 https://gstreamer.freedesktop.org/ 应用手册 https://gstreamer.freedesktop.org/documentation/ ...

  3. GStreamer基础教程09 - Appsrc及Appsink

    摘要 在我们前面的文章中,我们的Pipline都是使用GStreamer自带的插件去产生/消费数据.在实际的情况中,我们的数据源可能没有相应的gstreamer插件,但我们又需要将数据发送到GStre ...

  4. 【miscellaneous】 GStreamer应用开发手册学习笔记之基础概念介绍

    第3章. 基础概念介绍 本章将介绍GStreamer的基本概念. 理解这些概念对于你后续的学习非常重要,因为后续深入的讲解我们都假定你已经完全理解了这些概念. 3.1. 元件(Elements) 元件 ...

  5. GStreamer基础教程12 - 常用命令工具

    摘要 GStreamer提供了不同的命令行工具用于快速的查看信息以及验证Pipeline的是否能够正确运行,在平时的开发过程中,我们也优先使用GStreamer的命令行工具验证,再将Pipeline集 ...

  6. 【GStreamer开发】GStreamer播放教程08——视频解码的硬件加速

    目标 视频的硬件解码近来发展非常快速,尤其是在低功耗的设备上.本教程会讲述一些硬件加速的背景知识并解释一下GStreamer是怎么做的. 悄悄告诉你,如果设置正确地话,我们什么也不用做,GStream ...

  7. 【miscellaneous】基于gstreamer的实时转码

    目标是实现一个实时转码,可用于IPTV提供节目源.相关工作在ubuntu操作系统下进行.需要对源代码进行修改的时候,直接采用apt-get source命令获取源代码,根据需要进行修改,然后安装,这样 ...

  8. 什么是GStreamer?

    什么是GStreamer? GStreamer是用于创建流媒体应用程序的框架.基本设计来自俄勒冈大学研究生院的视频管道以及DirectShow的一些想法. GStreamer的开发框架使编写任何类型的 ...

  9. 再次安装fedora23的一些遗留问题的解决

    当你习惯了某个版本后, 就不想再更换了. 安装fedora23的磁盘空间 获得? 在安装新的fedora23 的时候, 原来的磁盘没有清空, 于是 就 have not enough free apa ...

随机推荐

  1. 关于Spring Data JPA 多表查询 返回自定义Vo的问题记录

    这两天开了一个新项目,使用SpringBoot+SpringData,  刚做了一个小功能,都是一张表的操作没什么问题,今天设计到了两张表联查,两张表各取了几个字段,组合成了一个vo, 当我用原生sq ...

  2. 【JVM】Java8 和 Java7中JVM内存模型有什么区别

    规范和实现 针对Java虚拟机的实现有专门的<Java虚拟机规范>,在遵守规范的前提下,不同的厂商会对虚拟机进行不同的实现. 就好比开发的过程中定义了接口,具体的接口实现大家可以根据不同的 ...

  3. 手动脱PeCompact 2.20壳实战

    作者:Fly2015 PeCompact壳又是一个没有听说过的壳,需要脱壳的程序是吾爱破解培训的第一课的选修作业四.最近对脱壳有点上瘾了,当然也遭受了脱壳受挫的无奈,但是比较幸运还是把这个壳给搞了. ...

  4. dex文件格式学习

    一.dex文件的生成 我们可以通过java文件来生成一个简单的dex文件 编译过程: 首先编写java代码如下: (1) 编译成 java class 文件 执行命令 : javac Hello.ja ...

  5. Metasploit Framework(MSF)的使用

    目录 Metasploit 安装Metasploit 漏洞利用(exploit) 攻击载荷(payload) Meterpreter MS17_010(永恒之蓝) 辅助模块(探测模块) 漏洞利用模块 ...

  6. android安全学习、工具库、框架

    在介绍android工具之前,先理清android中出现的文件格式: java:android源码 class:java编译后生成: dex: 由dx工具编译class而成,由dalvik执行: sm ...

  7. Win64 驱动内核编程-1.环境搭建

    驱动开发环境及其双机调试环境搭建 开发环境搭建 使用工具:vs2015,Windows 10 SDK_10.0.14393,WDK10.0.14393.0 (1)安装VS2015  随便一个版本吧,我 ...

  8. Windows核心编程 第六章 线程基础知识 (下)

    6.6 线程的一些性质 到现在为止,讲述了如何实现线程函数和如何让系统创建线程以便执行该函数.本节将要介绍系统如何使这些操作获得成功. 图6 - 1显示了系统在创建线程和对线程进行初始化时必须做些什么 ...

  9. 神经网络与机器学习 笔记—单神经元解决XOR问题

    单神经元解决XOR问题 有两个输入的单个神经元的使用得到的决策边界是输入空间的一条直线.在这条直线的一边的所有的点,神经元输出1:而在这条直线的另一边的点,神经元输出0.在输入空间中,这条直线的位置和 ...

  10. Win10 ntoskrnl.exe蓝屏解决

    主机一直用的是无线网卡,装Win10下载驱动.不管是Window10自己更新,还是通过驱动人生.驱动精灵等安装的Killer网卡驱动,均日常导致蓝屏. 状态是这样的:玩游戏蓝屏.检测系统蓝屏.清垃圾蓝 ...