gst-crypto GStreamer插件

内容

gst-crypto概述

RidgeRun的gst-crypto插件是一个GStreamer插件,可以轻松加密或解密通过GStreamer管道传递的内容。gst-crypto将利用任何可用的加密硬件加速器。gst-crypto基于OpenSSL,因此gst-crypto可以支持OpenSSL支持的任何加密技术。该插件支持任何支持opensl的​​加密/解密芯片,仅验证了aes-128-cbc和aes-256-cbc密码。 gst-crypto源代码尚未针对安全性缺陷进行专家审查。

另外,gst-crypto不支持查找和某些多路复用器/多路分解器,请在需要时咨询。解决方案支持解密时进行查找。

gst-crypto GStreamer插件功能

  • 验证aes-128-cbc和aes-256-cbc密码支持
  • 密码或密钥/ iv设置
  • GStreamer 0.10.x支持
  • GStreamer 1.x支持
  • 将摄像头的音频/视频直接捕获到加密的媒体文件中。
  • 解密流音频/视频并渲染到本地显示器/扬声器。

用例范例

GStreamer插件支持

获取所需的任何修改或扩展,以及与其他嵌入式Linux系统(例如Ubuntu,Yocto等)的集成。

在本地Linux PC上构建并运行

在Ubuntu-14.04 64位上测试:

源代码获取

git clone git@github.com:RidgeRun / gst-crypto
cd gst-crypto

GStreamer 0.10.x

git checkout release-0.10

GStreamer 1.x

git checkout release-1.0

注意:也有带标签的版本。

Compilation

./autogen.sh
./configure --libdir=/usr/lib/x86_64-linux-gnu/
make 
sudo make install

插件的位置可能会因系统而异。下表总结了不同设置的一些标准位置

如果不想安装到系统中,可以使用以下命令指定目录路径:

GST_PLUGIN_PATH=src/.libs/ gst-launch ....

gst-crypto源代码

https://github.com/RidgeRun/gst-crypto

SDK集成

可以使用SDK:

GStreamer 0.10.x

注意: v0.10.0gst-crypto-0.10.0.tar.gz)包含一个bug错误,该错误将GStreamer插件命名为gst-crypto而不是crypto。在运行测试管道时,记住这一点。

子目录结构

fs/apps/gst-crypto-0.10.0/Config

 config FS_APPS_GST_CRYPTO
        bool "gst-crypto-0.10.0"
        select FS_APPS_GSTREAMER_PLUGINS_BASE
        help
          This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-0.10.0/Makefile

 #$L$
 # Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 
 ##$L$
 
 PKG_URL=*********************
 PKG_TARBALL=gst-crypto-0.10.0.tar.gz
 PKG_SHA1SUM=61fdeeeb81cc339764a0c637fcd486c3861fa1a8
 
 include ../../../bsp/classes/rrsdk.class
 include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-0.10.0/metainfo

 TARGET_REQUIRED="gstreamer gst-plugins-base"

SDK GStreamer configuration

Execution
 `make env`
  make config
Configuration
 File System Configuration  --->
   Select target's file system software  --->
     [*] gst-crypto-0.10.0

GStreamer 1.x

Subdirectory structure

fs/apps/gst-crypto-1.0/Config

 config FS_APPS_GST_CRYPTO
        bool "gst-crypto-1.0"
        select FS_APPS_GSTREAMER_PLUGINS_BASE
        help
          This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-1.0/Makefile

 #$L$
 # Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 
 ##$L$
 
 PKG_URL=https://www.ridgerun.com/packages
 PKG_TARBALL=gst-crypto-1.0.tar.gz
 PKG_SHA1SUM=321bf7787bd4a4667c2f150df84bf6a9c138a15a
 
 include ../../../bsp/classes/rrsdk.class
 include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-1.0/metainfo

 TARGET_REQUIRED="gstreamer gst-plugins-base"

RR SDK GStreamer configuration

Execution
`make env`
 make config
Configuration
 File System Configuration  --->
   Select target's file system software  --->
     [*] gst-crypto-1.0

Example pipelines

Test pipeline

GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10
echo "This is a crypto test ... " > plain.txt && gst-launch filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer.0.10
echo "This is a crypto test ... " > plain.txt && gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=plain.txt ! crypto mode=enc ! gst-crypto mode=dec ! filesink location=dec.txt && cat dec.txt

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

 GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>

GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0  filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto  ! <some other elements>

Creating an encrypted video with the openssl tool and playback

Download demo video

wget http://blender-mirror.kino3d.org/peach/bigbuckbunny_movies/big_buck_bunny_720p_surround.avi

Encrypt

openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_720p_surround.avi -out big_buck_bunny_720p_surround.avi.enc

Playback

Playback on a local display
GStreamer 0.10.x
On RR SDK after regular installation to /usr/lib/gstreamer-0.10
gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
GStreamer 1.x
On RR SDK after regular installation to /usr/lib/gstreamer-1.0
gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! decodebin ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto  ! <some other elements>
Streaming to a host
On the target board
GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10 

gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10 

gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0 

gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0 

gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
On the host
gst-launch udpsrc port=3000 ! mpegtsdemux ! queue ! decodebin ! fpsdisplaysink sync=true async=false

Encoding/Decoding Playback Pipelines

GStreamer 1.0

  • TS - encrypting with gstcrypto
gst-launch-1.0 -e videotestsrc is-live=true !  x264enc  ! queue ! h264parse ! mpegtsmux !  filesink location=test.ts sync=true
gst-launch-1.0 filesrc location=test.ts ! crypto mode=enc ! filesink location=test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • AVI - encrypting with gstcrypto
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
gst-launch-1.0 filesrc location=test.avi ! crypto mode=enc ! filesink location=test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • QuickTime - encrypting with gstcrypto
wget https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_480p_h264.mov
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov ! crypto mode=enc ! filesink location=big_buck_bunny_480p_h264.mov.enc
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.enc ! crypto mode=dec ! filesink location=big_buck_bunny_480p_h264.mov.dec
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.dec ! qtdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • TS - encrypting with openssl
gst-launch-1.0 -e videotestsrc is-live=true !  x264enc  ! queue ! h264parse ! mpegtsmux !  filesink location=test.ts sync=true
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.ts -out test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • AVI - encrypting with openssl
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.avi -out test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

Encoding/Decoding Livestream Pipelines

GStreamer 1.0

  • TS - Encrypting Camera livestream with GstCrypto to a file
gst-launch-1.0 -e v4l2src device=/dev/video0 ! queue !  x264enc  ! queue ! h264parse ! mpegtsmux ! queue ! rndbuffersize min=4096 max=4096 !  crypto mode=enc ! filesink location=live.ts.enc
  • TS - Decrypt encoded file from the camera livestream
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • TS - Decrypt encoded file to a video file
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsparse ! queue ! filesink location=live.ts sync=false

Encoding/Decoding Udpstream

GStreamer 1.0

H264 + Transport Stream
  • Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! x264enc ! h264parse ! mpegtsmux ! tsparse ! rndbuffersize min=4096 max=4096  ! queue  ! crypto mode=enc ! queue ! udpsink port=5000
  • Receiver: Decrypt to a file
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec  ! queue  ! tsparse ! queue  ! filesink location=udpstream.ts
  • Receiver: Save encrypted udpstream
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! filesink location=udpstream.ts.enc
Jpeg
  • Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! jpegenc ! queue ! rndbuffersize min=4096 max=4096  ! queue  ! crypto mode=enc  ! queue ! udpsink port=5000
  • Receiver: Decrypt to a display
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec  ! queue  ! jpegparse ! jpegdec  ! queue  ! xvimagesink sync=false

Encoding/Decoding on the Fly

GStreamer 1.0

  • Encoding, decoding and sending output to display in one pipeline
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! jpegenc ! queue ! rndbuffersize min=4096 max=4096 ! crypto mode=enc ! queue  ! crypto mode=dec !  jpegparse  ! jpegdec  ! xvimagesink

使用加密硬件加速

加密硬件加速可以与插件透明使用,并且可以独立配置。

有一些注意事项:

  • MCU是否包括硬件加密单元(例如,i.MX6上的CAAM)?
  • 哪种设置可以提高性能(例如,i.MX6上的数据块大小)?
  • 硬件加密单元和内核驱动程序是否支持要使用的密码?
  • 内核驱动程序是否有效实施?

gst-crypto GStreamer插件的更多相关文章

  1. GStreamer插件分类

    gst-plugins-base一套小而固定的插件,涵盖各种可能类型的elements; 这些在开发系列期间随着核心变化而不断更新.我们相信分销商可以安全地发行这些插件.人们编写插件应该将他们的代码基 ...

  2. gstreamer应用笔记

    gstreamer官网 https://gstreamer.freedesktop.org/ 应用手册 https://gstreamer.freedesktop.org/documentation/ ...

  3. GStreamer基础教程09 - Appsrc及Appsink

    摘要 在我们前面的文章中,我们的Pipline都是使用GStreamer自带的插件去产生/消费数据.在实际的情况中,我们的数据源可能没有相应的gstreamer插件,但我们又需要将数据发送到GStre ...

  4. 【miscellaneous】 GStreamer应用开发手册学习笔记之基础概念介绍

    第3章. 基础概念介绍 本章将介绍GStreamer的基本概念. 理解这些概念对于你后续的学习非常重要,因为后续深入的讲解我们都假定你已经完全理解了这些概念. 3.1. 元件(Elements) 元件 ...

  5. GStreamer基础教程12 - 常用命令工具

    摘要 GStreamer提供了不同的命令行工具用于快速的查看信息以及验证Pipeline的是否能够正确运行,在平时的开发过程中,我们也优先使用GStreamer的命令行工具验证,再将Pipeline集 ...

  6. 【GStreamer开发】GStreamer播放教程08——视频解码的硬件加速

    目标 视频的硬件解码近来发展非常快速,尤其是在低功耗的设备上.本教程会讲述一些硬件加速的背景知识并解释一下GStreamer是怎么做的. 悄悄告诉你,如果设置正确地话,我们什么也不用做,GStream ...

  7. 【miscellaneous】基于gstreamer的实时转码

    目标是实现一个实时转码,可用于IPTV提供节目源.相关工作在ubuntu操作系统下进行.需要对源代码进行修改的时候,直接采用apt-get source命令获取源代码,根据需要进行修改,然后安装,这样 ...

  8. 什么是GStreamer?

    什么是GStreamer? GStreamer是用于创建流媒体应用程序的框架.基本设计来自俄勒冈大学研究生院的视频管道以及DirectShow的一些想法. GStreamer的开发框架使编写任何类型的 ...

  9. 再次安装fedora23的一些遗留问题的解决

    当你习惯了某个版本后, 就不想再更换了. 安装fedora23的磁盘空间 获得? 在安装新的fedora23 的时候, 原来的磁盘没有清空, 于是 就 have not enough free apa ...

随机推荐

  1. addslashes,htmlspecialchars,htmlentities转换或者转义php特殊字符防止xss攻击以及sql注入

    一.转义或者转换的目的 1. 转义或者转换字符串防止sql注入 2. 转义或者转换字符防止html非过滤引起页面布局变化 3. 转义或者转换可以阻止javascript等脚本的xss攻击,避免出现类似 ...

  2. Linux下部署Django项目

    目录 安装python3.X环境 安装部署开启django 由于Linux系统默认自带的是2.X环境,所以我们需要去安装3.X环境的python. 安装python3.X环境 1.使用下面的命令下载P ...

  3. 初探SQL注入需要知道的5个问题

    SQL注入产生原理 可控变量(注入点,就是传参) 带入数据库查询 变量未存在过滤或过滤不严谨 例子: 获取admin表的pass里面的数据 select * from users where id=1 ...

  4. 详解 WebRTC 传输安全机制:一文读懂 DTLS 协议

    作者|进学 审校|泰一 DTLS (Datagram Transport Layer Security) 基于 UDP 场景下数据包可能丢失或重新排序的现实情况下,为 UDP 定制和改进的 TLS 协 ...

  5. Securecrt 在win7下 字体太少问题

    用WIN7,觉得securecrt里面可用的字体太少了.很多都没有,比如lucida console,经过一番查找,终于找到解决问题的方法了. 原因就是win7里面的很多字体都被设置为隐藏了,所以se ...

  6. 基于python对B站收藏夹按照视频发布时间进行排序

    基于python对B站收藏夹按照视频发布时间进行排序 前言 在最一开始,我的B站收藏一直是存放在默认收藏夹中,但是随着视频收藏的越来越多,没有分类的视频放在一起,想在众多视频中找到想要的视频非常困难, ...

  7. MySQL字段类型最全解析

    前言: 要了解一个数据库,我们必须了解其支持的数据类型.MySQL 支持大量的字段类型,其中常用的也有很多.前面文章我们也讲过 int 及 varchar 类型的用法,但一直没有全面讲过字段类型,本篇 ...

  8. C++ primer plus读书笔记——第1章 预备知识

    第1章 预备知识 1. Ritchie希望有一种语言能将低级语言的效率.硬件访问能力和高级语言的通用性.可移植性融合在一起,于是他在旧语言的基础上开发了C语言. 2. 在C++获得一定程度的成功后,S ...

  9. 【转载】geany linux python编译器 开源

    http://www.dekiru.cn/?p=1491 Geany 不好用,建议用一些好用的编辑器或ide Subliem Text 或 VS code Pycharm等. 设置运行环境 菜单栏–生 ...

  10. 诸神之眼 - Nmap 教程

    *注: www.heihei.work 为本人测试网站,可由 官方测试网站 scanme.nmap.org代替. NO.11.扫描端口开放的服务nmap -T4 -A -v www.heiehi.wo ...