gst-crypto GStreamer插件

内容

gst-crypto概述

RidgeRun的gst-crypto插件是一个GStreamer插件,可以轻松加密或解密通过GStreamer管道传递的内容。gst-crypto将利用任何可用的加密硬件加速器。gst-crypto基于OpenSSL,因此gst-crypto可以支持OpenSSL支持的任何加密技术。该插件支持任何支持opensl的​​加密/解密芯片,仅验证了aes-128-cbc和aes-256-cbc密码。 gst-crypto源代码尚未针对安全性缺陷进行专家审查。

另外,gst-crypto不支持查找和某些多路复用器/多路分解器,请在需要时咨询。解决方案支持解密时进行查找。

gst-crypto GStreamer插件功能

  • 验证aes-128-cbc和aes-256-cbc密码支持
  • 密码或密钥/ iv设置
  • GStreamer 0.10.x支持
  • GStreamer 1.x支持
  • 将摄像头的音频/视频直接捕获到加密的媒体文件中。
  • 解密流音频/视频并渲染到本地显示器/扬声器。

用例范例

GStreamer插件支持

获取所需的任何修改或扩展,以及与其他嵌入式Linux系统(例如Ubuntu,Yocto等)的集成。

在本地Linux PC上构建并运行

在Ubuntu-14.04 64位上测试:

源代码获取

git clone git@github.com:RidgeRun / gst-crypto
cd gst-crypto

GStreamer 0.10.x

git checkout release-0.10

GStreamer 1.x

git checkout release-1.0

注意:也有带标签的版本。

Compilation

./autogen.sh
./configure --libdir=/usr/lib/x86_64-linux-gnu/
make 
sudo make install

插件的位置可能会因系统而异。下表总结了不同设置的一些标准位置

如果不想安装到系统中,可以使用以下命令指定目录路径:

GST_PLUGIN_PATH=src/.libs/ gst-launch ....

gst-crypto源代码

https://github.com/RidgeRun/gst-crypto

SDK集成

可以使用SDK:

GStreamer 0.10.x

注意: v0.10.0gst-crypto-0.10.0.tar.gz)包含一个bug错误,该错误将GStreamer插件命名为gst-crypto而不是crypto。在运行测试管道时,记住这一点。

子目录结构

fs/apps/gst-crypto-0.10.0/Config

 config FS_APPS_GST_CRYPTO
        bool "gst-crypto-0.10.0"
        select FS_APPS_GSTREAMER_PLUGINS_BASE
        help
          This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-0.10.0/Makefile

 #$L$
 # Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 
 ##$L$
 
 PKG_URL=*********************
 PKG_TARBALL=gst-crypto-0.10.0.tar.gz
 PKG_SHA1SUM=61fdeeeb81cc339764a0c637fcd486c3861fa1a8
 
 include ../../../bsp/classes/rrsdk.class
 include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-0.10.0/metainfo

 TARGET_REQUIRED="gstreamer gst-plugins-base"

SDK GStreamer configuration

Execution
 `make env`
  make config
Configuration
 File System Configuration  --->
   Select target's file system software  --->
     [*] gst-crypto-0.10.0

GStreamer 1.x

Subdirectory structure

fs/apps/gst-crypto-1.0/Config

 config FS_APPS_GST_CRYPTO
        bool "gst-crypto-1.0"
        select FS_APPS_GSTREAMER_PLUGINS_BASE
        help
          This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-1.0/Makefile

 #$L$
 # Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 
 ##$L$
 
 PKG_URL=https://www.ridgerun.com/packages
 PKG_TARBALL=gst-crypto-1.0.tar.gz
 PKG_SHA1SUM=321bf7787bd4a4667c2f150df84bf6a9c138a15a
 
 include ../../../bsp/classes/rrsdk.class
 include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-1.0/metainfo

 TARGET_REQUIRED="gstreamer gst-plugins-base"

RR SDK GStreamer configuration

Execution
`make env`
 make config
Configuration
 File System Configuration  --->
   Select target's file system software  --->
     [*] gst-crypto-1.0

Example pipelines

Test pipeline

GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10
echo "This is a crypto test ... " > plain.txt && gst-launch filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer.0.10
echo "This is a crypto test ... " > plain.txt && gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=plain.txt ! crypto mode=enc ! gst-crypto mode=dec ! filesink location=dec.txt && cat dec.txt

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

 GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>

GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0  filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto  ! <some other elements>

Creating an encrypted video with the openssl tool and playback

Download demo video

wget http://blender-mirror.kino3d.org/peach/bigbuckbunny_movies/big_buck_bunny_720p_surround.avi

Encrypt

openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_720p_surround.avi -out big_buck_bunny_720p_surround.avi.enc

Playback

Playback on a local display
GStreamer 0.10.x
On RR SDK after regular installation to /usr/lib/gstreamer-0.10
gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
GStreamer 1.x
On RR SDK after regular installation to /usr/lib/gstreamer-1.0
gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! decodebin ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto  ! <some other elements>
Streaming to a host
On the target board
GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10 

gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10 

gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0 

gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0 

gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
On the host
gst-launch udpsrc port=3000 ! mpegtsdemux ! queue ! decodebin ! fpsdisplaysink sync=true async=false

Encoding/Decoding Playback Pipelines

GStreamer 1.0

  • TS - encrypting with gstcrypto
gst-launch-1.0 -e videotestsrc is-live=true !  x264enc  ! queue ! h264parse ! mpegtsmux !  filesink location=test.ts sync=true
gst-launch-1.0 filesrc location=test.ts ! crypto mode=enc ! filesink location=test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • AVI - encrypting with gstcrypto
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
gst-launch-1.0 filesrc location=test.avi ! crypto mode=enc ! filesink location=test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • QuickTime - encrypting with gstcrypto
wget https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_480p_h264.mov
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov ! crypto mode=enc ! filesink location=big_buck_bunny_480p_h264.mov.enc
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.enc ! crypto mode=dec ! filesink location=big_buck_bunny_480p_h264.mov.dec
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.dec ! qtdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • TS - encrypting with openssl
gst-launch-1.0 -e videotestsrc is-live=true !  x264enc  ! queue ! h264parse ! mpegtsmux !  filesink location=test.ts sync=true
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.ts -out test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • AVI - encrypting with openssl
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.avi -out test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

Encoding/Decoding Livestream Pipelines

GStreamer 1.0

  • TS - Encrypting Camera livestream with GstCrypto to a file
gst-launch-1.0 -e v4l2src device=/dev/video0 ! queue !  x264enc  ! queue ! h264parse ! mpegtsmux ! queue ! rndbuffersize min=4096 max=4096 !  crypto mode=enc ! filesink location=live.ts.enc
  • TS - Decrypt encoded file from the camera livestream
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • TS - Decrypt encoded file to a video file
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsparse ! queue ! filesink location=live.ts sync=false

Encoding/Decoding Udpstream

GStreamer 1.0

H264 + Transport Stream
  • Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! x264enc ! h264parse ! mpegtsmux ! tsparse ! rndbuffersize min=4096 max=4096  ! queue  ! crypto mode=enc ! queue ! udpsink port=5000
  • Receiver: Decrypt to a file
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec  ! queue  ! tsparse ! queue  ! filesink location=udpstream.ts
  • Receiver: Save encrypted udpstream
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! filesink location=udpstream.ts.enc
Jpeg
  • Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! jpegenc ! queue ! rndbuffersize min=4096 max=4096  ! queue  ! crypto mode=enc  ! queue ! udpsink port=5000
  • Receiver: Decrypt to a display
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec  ! queue  ! jpegparse ! jpegdec  ! queue  ! xvimagesink sync=false

Encoding/Decoding on the Fly

GStreamer 1.0

  • Encoding, decoding and sending output to display in one pipeline
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! jpegenc ! queue ! rndbuffersize min=4096 max=4096 ! crypto mode=enc ! queue  ! crypto mode=dec !  jpegparse  ! jpegdec  ! xvimagesink

使用加密硬件加速

加密硬件加速可以与插件透明使用,并且可以独立配置。

有一些注意事项:

  • MCU是否包括硬件加密单元(例如,i.MX6上的CAAM)?
  • 哪种设置可以提高性能(例如,i.MX6上的数据块大小)?
  • 硬件加密单元和内核驱动程序是否支持要使用的密码?
  • 内核驱动程序是否有效实施?

gst-crypto GStreamer插件的更多相关文章

  1. GStreamer插件分类

    gst-plugins-base一套小而固定的插件,涵盖各种可能类型的elements; 这些在开发系列期间随着核心变化而不断更新.我们相信分销商可以安全地发行这些插件.人们编写插件应该将他们的代码基 ...

  2. gstreamer应用笔记

    gstreamer官网 https://gstreamer.freedesktop.org/ 应用手册 https://gstreamer.freedesktop.org/documentation/ ...

  3. GStreamer基础教程09 - Appsrc及Appsink

    摘要 在我们前面的文章中,我们的Pipline都是使用GStreamer自带的插件去产生/消费数据.在实际的情况中,我们的数据源可能没有相应的gstreamer插件,但我们又需要将数据发送到GStre ...

  4. 【miscellaneous】 GStreamer应用开发手册学习笔记之基础概念介绍

    第3章. 基础概念介绍 本章将介绍GStreamer的基本概念. 理解这些概念对于你后续的学习非常重要,因为后续深入的讲解我们都假定你已经完全理解了这些概念. 3.1. 元件(Elements) 元件 ...

  5. GStreamer基础教程12 - 常用命令工具

    摘要 GStreamer提供了不同的命令行工具用于快速的查看信息以及验证Pipeline的是否能够正确运行,在平时的开发过程中,我们也优先使用GStreamer的命令行工具验证,再将Pipeline集 ...

  6. 【GStreamer开发】GStreamer播放教程08——视频解码的硬件加速

    目标 视频的硬件解码近来发展非常快速,尤其是在低功耗的设备上.本教程会讲述一些硬件加速的背景知识并解释一下GStreamer是怎么做的. 悄悄告诉你,如果设置正确地话,我们什么也不用做,GStream ...

  7. 【miscellaneous】基于gstreamer的实时转码

    目标是实现一个实时转码,可用于IPTV提供节目源.相关工作在ubuntu操作系统下进行.需要对源代码进行修改的时候,直接采用apt-get source命令获取源代码,根据需要进行修改,然后安装,这样 ...

  8. 什么是GStreamer?

    什么是GStreamer? GStreamer是用于创建流媒体应用程序的框架.基本设计来自俄勒冈大学研究生院的视频管道以及DirectShow的一些想法. GStreamer的开发框架使编写任何类型的 ...

  9. 再次安装fedora23的一些遗留问题的解决

    当你习惯了某个版本后, 就不想再更换了. 安装fedora23的磁盘空间 获得? 在安装新的fedora23 的时候, 原来的磁盘没有清空, 于是 就 have not enough free apa ...

随机推荐

  1. 百度sitemap.xml

    <?xml version="1.0" encoding="UTF-8" ?> <urlset xmlns="http://www. ...

  2. windows-CODE注入(远程线程注入)

    远程线程注入(先简单说,下面会详细说)今天整理下代码注入(远程线程注入),所谓代码注入,可以简单的理解为是在指定内进程里申请一块内存,然后把我们自己的执行代码和一些变量拷贝进去(通常是以启线程的方式) ...

  3. node-OS&Domain&Net&Path

    OS--------------------------------------------- Node.js os 模块提供了一些基本的系统操作函数. var os = require(" ...

  4. 每天一道面试题LeetCode 26--删除排序数组中的重复项(python实现)

    题目1:给定一个排序数组,你需要在原地删除重复出现的元素,使得每个元素只出现一次,返回移除后数组的新长度. 不要使用额外的数组空间,你必须在原地修改输入数组并在使用 O(1) 额外空间的条件下完成. ...

  5. layUI form表单 防止多次点击重复提交

    //监听 弹框-变更处理备注-提交 form.on('submit(popFormSubPass)', function (data) { //防止重复点击: 单击之后提交按钮不可选,防止重复提交 v ...

  6. ArrayList初步使用

    ️Practice the usage of ArrayList all of String with a exampe of NoteBook. ArrayList all of String的部分 ...

  7. PhpStorm个性化设置推荐

    预览 字体 字体使用jetbrains的mono,前往下载:如何安装,字体安装完成之后Restart,可在PhpStorm settings中搜索 font 进行启用 mono 字体 主题 主题推荐使 ...

  8. Hive解析Json数组超全讲解

    在Hive中会有很多数据是用Json格式来存储的,如开发人员对APP上的页面进行埋点时,会将多个字段存放在一个json数组中,因此数据平台调用数据时,要对埋点数据进行解析.接下来就聊聊Hive中是如何 ...

  9. 使用C#进行数据库增删改查ADO.NET(一)

    这节讲一下如何使用C#进行数据库的增删改查操作,本节以SQL Server数据库为例. .NET 平台,使用ADO.NET 作为与数据库服务器的桥梁,我们通过ADO.NET就可以使用C#语言操作数据库 ...

  10. 在?开源社区版的 AirTag 请收下——GitHub 热点速览 v.21.21

    作者:HelloGitHub-小鱼干 在比特币跌到怀疑人生的时候,看着"出血不止"的荷包,是时候来"薅"一波羊毛了.openhaystack 能让你免去购买 A ...