gst-crypto GStreamer插件

内容

gst-crypto概述

RidgeRun的gst-crypto插件是一个GStreamer插件,可以轻松加密或解密通过GStreamer管道传递的内容。gst-crypto将利用任何可用的加密硬件加速器。gst-crypto基于OpenSSL,因此gst-crypto可以支持OpenSSL支持的任何加密技术。该插件支持任何支持opensl的​​加密/解密芯片,仅验证了aes-128-cbc和aes-256-cbc密码。 gst-crypto源代码尚未针对安全性缺陷进行专家审查。

另外,gst-crypto不支持查找和某些多路复用器/多路分解器,请在需要时咨询。解决方案支持解密时进行查找。

gst-crypto GStreamer插件功能

  • 验证aes-128-cbc和aes-256-cbc密码支持
  • 密码或密钥/ iv设置
  • GStreamer 0.10.x支持
  • GStreamer 1.x支持
  • 将摄像头的音频/视频直接捕获到加密的媒体文件中。
  • 解密流音频/视频并渲染到本地显示器/扬声器。

用例范例

GStreamer插件支持

获取所需的任何修改或扩展,以及与其他嵌入式Linux系统(例如Ubuntu,Yocto等)的集成。

在本地Linux PC上构建并运行

在Ubuntu-14.04 64位上测试:

源代码获取

git clone git@github.com:RidgeRun / gst-crypto
cd gst-crypto

GStreamer 0.10.x

git checkout release-0.10

GStreamer 1.x

git checkout release-1.0

注意:也有带标签的版本。

Compilation

./autogen.sh
./configure --libdir=/usr/lib/x86_64-linux-gnu/
make 
sudo make install

插件的位置可能会因系统而异。下表总结了不同设置的一些标准位置

如果不想安装到系统中,可以使用以下命令指定目录路径:

GST_PLUGIN_PATH=src/.libs/ gst-launch ....

gst-crypto源代码

https://github.com/RidgeRun/gst-crypto

SDK集成

可以使用SDK:

GStreamer 0.10.x

注意: v0.10.0gst-crypto-0.10.0.tar.gz)包含一个bug错误,该错误将GStreamer插件命名为gst-crypto而不是crypto。在运行测试管道时,记住这一点。

子目录结构

fs/apps/gst-crypto-0.10.0/Config

 config FS_APPS_GST_CRYPTO
        bool "gst-crypto-0.10.0"
        select FS_APPS_GSTREAMER_PLUGINS_BASE
        help
          This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-0.10.0/Makefile

 #$L$
 # Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 
 ##$L$
 
 PKG_URL=*********************
 PKG_TARBALL=gst-crypto-0.10.0.tar.gz
 PKG_SHA1SUM=61fdeeeb81cc339764a0c637fcd486c3861fa1a8
 
 include ../../../bsp/classes/rrsdk.class
 include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-0.10.0/metainfo

 TARGET_REQUIRED="gstreamer gst-plugins-base"

SDK GStreamer configuration

Execution
 `make env`
  make config
Configuration
 File System Configuration  --->
   Select target's file system software  --->
     [*] gst-crypto-0.10.0

GStreamer 1.x

Subdirectory structure

fs/apps/gst-crypto-1.0/Config

 config FS_APPS_GST_CRYPTO
        bool "gst-crypto-1.0"
        select FS_APPS_GSTREAMER_PLUGINS_BASE
        help
          This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-1.0/Makefile

 #$L$
 # Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 
 ##$L$
 
 PKG_URL=https://www.ridgerun.com/packages
 PKG_TARBALL=gst-crypto-1.0.tar.gz
 PKG_SHA1SUM=321bf7787bd4a4667c2f150df84bf6a9c138a15a
 
 include ../../../bsp/classes/rrsdk.class
 include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-1.0/metainfo

 TARGET_REQUIRED="gstreamer gst-plugins-base"

RR SDK GStreamer configuration

Execution
`make env`
 make config
Configuration
 File System Configuration  --->
   Select target's file system software  --->
     [*] gst-crypto-1.0

Example pipelines

Test pipeline

GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10
echo "This is a crypto test ... " > plain.txt && gst-launch filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer.0.10
echo "This is a crypto test ... " > plain.txt && gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=plain.txt ! crypto mode=enc ! gst-crypto mode=dec ! filesink location=dec.txt && cat dec.txt

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

 GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>

GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0  filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto  ! <some other elements>

Creating an encrypted video with the openssl tool and playback

Download demo video

wget http://blender-mirror.kino3d.org/peach/bigbuckbunny_movies/big_buck_bunny_720p_surround.avi

Encrypt

openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_720p_surround.avi -out big_buck_bunny_720p_surround.avi.enc

Playback

Playback on a local display
GStreamer 0.10.x
On RR SDK after regular installation to /usr/lib/gstreamer-0.10
gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
GStreamer 1.x
On RR SDK after regular installation to /usr/lib/gstreamer-1.0
gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! decodebin ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto  ! <some other elements>
Streaming to a host
On the target board
GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10 

gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10 

gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0 

gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0 

gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>
On the host
gst-launch udpsrc port=3000 ! mpegtsdemux ! queue ! decodebin ! fpsdisplaysink sync=true async=false

Encoding/Decoding Playback Pipelines

GStreamer 1.0

  • TS - encrypting with gstcrypto
gst-launch-1.0 -e videotestsrc is-live=true !  x264enc  ! queue ! h264parse ! mpegtsmux !  filesink location=test.ts sync=true
gst-launch-1.0 filesrc location=test.ts ! crypto mode=enc ! filesink location=test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • AVI - encrypting with gstcrypto
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
gst-launch-1.0 filesrc location=test.avi ! crypto mode=enc ! filesink location=test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • QuickTime - encrypting with gstcrypto
wget https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_480p_h264.mov
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov ! crypto mode=enc ! filesink location=big_buck_bunny_480p_h264.mov.enc
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.enc ! crypto mode=dec ! filesink location=big_buck_bunny_480p_h264.mov.dec
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.dec ! qtdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • TS - encrypting with openssl
gst-launch-1.0 -e videotestsrc is-live=true !  x264enc  ! queue ! h264parse ! mpegtsmux !  filesink location=test.ts sync=true
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.ts -out test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • AVI - encrypting with openssl
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.avi -out test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

Encoding/Decoding Livestream Pipelines

GStreamer 1.0

  • TS - Encrypting Camera livestream with GstCrypto to a file
gst-launch-1.0 -e v4l2src device=/dev/video0 ! queue !  x264enc  ! queue ! h264parse ! mpegtsmux ! queue ! rndbuffersize min=4096 max=4096 !  crypto mode=enc ! filesink location=live.ts.enc
  • TS - Decrypt encoded file from the camera livestream
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
  • TS - Decrypt encoded file to a video file
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsparse ! queue ! filesink location=live.ts sync=false

Encoding/Decoding Udpstream

GStreamer 1.0

H264 + Transport Stream
  • Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! x264enc ! h264parse ! mpegtsmux ! tsparse ! rndbuffersize min=4096 max=4096  ! queue  ! crypto mode=enc ! queue ! udpsink port=5000
  • Receiver: Decrypt to a file
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec  ! queue  ! tsparse ! queue  ! filesink location=udpstream.ts
  • Receiver: Save encrypted udpstream
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! filesink location=udpstream.ts.enc
Jpeg
  • Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! jpegenc ! queue ! rndbuffersize min=4096 max=4096  ! queue  ! crypto mode=enc  ! queue ! udpsink port=5000
  • Receiver: Decrypt to a display
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec  ! queue  ! jpegparse ! jpegdec  ! queue  ! xvimagesink sync=false

Encoding/Decoding on the Fly

GStreamer 1.0

  • Encoding, decoding and sending output to display in one pipeline
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! jpegenc ! queue ! rndbuffersize min=4096 max=4096 ! crypto mode=enc ! queue  ! crypto mode=dec !  jpegparse  ! jpegdec  ! xvimagesink

使用加密硬件加速

加密硬件加速可以与插件透明使用,并且可以独立配置。

有一些注意事项:

  • MCU是否包括硬件加密单元(例如,i.MX6上的CAAM)?
  • 哪种设置可以提高性能(例如,i.MX6上的数据块大小)?
  • 硬件加密单元和内核驱动程序是否支持要使用的密码?
  • 内核驱动程序是否有效实施?

gst-crypto GStreamer插件的更多相关文章

  1. GStreamer插件分类

    gst-plugins-base一套小而固定的插件,涵盖各种可能类型的elements; 这些在开发系列期间随着核心变化而不断更新.我们相信分销商可以安全地发行这些插件.人们编写插件应该将他们的代码基 ...

  2. gstreamer应用笔记

    gstreamer官网 https://gstreamer.freedesktop.org/ 应用手册 https://gstreamer.freedesktop.org/documentation/ ...

  3. GStreamer基础教程09 - Appsrc及Appsink

    摘要 在我们前面的文章中,我们的Pipline都是使用GStreamer自带的插件去产生/消费数据.在实际的情况中,我们的数据源可能没有相应的gstreamer插件,但我们又需要将数据发送到GStre ...

  4. 【miscellaneous】 GStreamer应用开发手册学习笔记之基础概念介绍

    第3章. 基础概念介绍 本章将介绍GStreamer的基本概念. 理解这些概念对于你后续的学习非常重要,因为后续深入的讲解我们都假定你已经完全理解了这些概念. 3.1. 元件(Elements) 元件 ...

  5. GStreamer基础教程12 - 常用命令工具

    摘要 GStreamer提供了不同的命令行工具用于快速的查看信息以及验证Pipeline的是否能够正确运行,在平时的开发过程中,我们也优先使用GStreamer的命令行工具验证,再将Pipeline集 ...

  6. 【GStreamer开发】GStreamer播放教程08——视频解码的硬件加速

    目标 视频的硬件解码近来发展非常快速,尤其是在低功耗的设备上.本教程会讲述一些硬件加速的背景知识并解释一下GStreamer是怎么做的. 悄悄告诉你,如果设置正确地话,我们什么也不用做,GStream ...

  7. 【miscellaneous】基于gstreamer的实时转码

    目标是实现一个实时转码,可用于IPTV提供节目源.相关工作在ubuntu操作系统下进行.需要对源代码进行修改的时候,直接采用apt-get source命令获取源代码,根据需要进行修改,然后安装,这样 ...

  8. 什么是GStreamer?

    什么是GStreamer? GStreamer是用于创建流媒体应用程序的框架.基本设计来自俄勒冈大学研究生院的视频管道以及DirectShow的一些想法. GStreamer的开发框架使编写任何类型的 ...

  9. 再次安装fedora23的一些遗留问题的解决

    当你习惯了某个版本后, 就不想再更换了. 安装fedora23的磁盘空间 获得? 在安装新的fedora23 的时候, 原来的磁盘没有清空, 于是 就 have not enough free apa ...

随机推荐

  1. 【运维--系统】nacos介绍和安装

    目录: 简介 安装java 安装mysql 安装nacos 附录 简介 Nacos 致力于帮助您发现.配置和管理微服务.Nacos 提供了一组简单易用的特性集,帮助您快速实现动态服务发现.服务配置.服 ...

  2. 我为Dexposed续一秒——论ART上运行时 Method AOP实现

    转载于:http://weishu.me/2017/11/23/dexposed-on-art/ 两年前阿里开源了 Dexposed 项目,它能够在Dalvik上无侵入地实现运行时方法拦截,正如其介绍 ...

  3. Java中常见的包

    目录 JDK自带的包 第三方包 JDK自带的包 JAVA提供了强大的应用程序接口,既JAVA类库.他包含大量已经设计好的工具类,帮助程序员进行字符串处理.绘图.数学计算和网络应用等方面的工作.下面简单 ...

  4. 初学Golang的笔记

    Note 一个module是一个go package的集合,该module用于发布的一个单位. 一般一个go repo仅仅包含一个module,含有一个go.mod文件 每个module路径不仅仅用于 ...

  5. 数据库导入时出现“2006 - MySQL server has gone away”问题的解决(windows)

    1.查到文件my.ini,在文件最后([mysqld]段最后),修改"max_allowed_packet = 50M",添加"interactive_timeout = ...

  6. 取消本地SVN文件夹与服务器的关联

    方法一. 1.新建文本文档,添加内容如下: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Fold ...

  7. mysql 连表不要用varchar和int这两种不相同的类型做比较

    他会默认你123abc等于123 说多了都是泪啊

  8. [Django框架之视图层]

    [Django框架之视图层] 视图层 Django视图层, 视图就是Django项目下的views.py文件,它的内部是一系列的函数或者是类,用来专门处理客户端访问请求后处理请求并且返回相应的数据,相 ...

  9. Linux USB ECM Gadget 驱动介绍

    ​1 USB ECM介绍 USB ECM,属于USB-IF定义的CDC(Communication Device Class)下的一个子类:Ethernet Networking Control Mo ...

  10. welcome实现首页路由的重定向效果

    welcome实现首页路由的重定向效果 1.创建welcome组件 2.在路由中引入组件并配置子组件 3.在home.vue中添加路由占位符 4.测试