Difference between revisions of "RidgeRun gst-crypto GStreamer Plugin"
m (→Using Crypto Hardware Acceleration) |
m |
||
| Line 208: | Line 208: | ||
[*] gst-crypto-1.0 | [*] gst-crypto-1.0 | ||
</source> | </source> | ||
| − | |||
| − | |||
== Example pipelines == | == Example pipelines == | ||
Revision as of 08:32, 30 April 2020
 |
gst-crypto Overview
RidgeRun's gst-crypto plugin makes it easy to encrypt or decrypt content passing through a GStreamer pipeline. gst-crypto will take advantage of any available crypto hardware accelerators. gst-crypto is based on OpenSSL so any encryption technology supported by OpenSSL can be supported by gst-crypto. Currently, only aes-128-cbc cipher is support. gst-crypto source code has not yet been reviewed by experts for security deficiencies.
Also gst-crypto does not support seeking and some mux/demuxers, please inquire in case this is needed. RidgeRun has solutions that supports seeking while doing decrypting.
gst-crypto Features
- aes-128-cbc cipher support
- Password or key/iv setup
- GStreamer 0.10.x support
- GStreamer 1.x support
Example Use Cases
- Capture audio/video from a camera directly into an encrypted media file.
- Decrypt streaming audio/video and render to local display/speakers.
GStreamer Plugin Support
Please Contact RidgeRun for any modifications or extensions needed and Integration into other Embedded Linux Systems (e.g. Ubuntu, Yocto, ...).
Build and run on a local Linux PC
Tested on Ubuntu-14.04 64 bit:
Source code fetch
git clone git@github.com:RidgeRun/gst-crypto cd gst-crypto
GStreamer 0.10.x
git checkout release-0.10
GStreamer 1.x
git checkout release-1.0
Note: There are tagged releases also.
Compilation
./autogen.sh ./configure make sudo make install
If you don't want to install into your system you can specify directory path with:
GST_PLUGIN_PATH=src/.libs/ gst-launch ....
gst-crypto Source code
Location
RR SDK Integration
One of our demo SDK's can be used:
- i.MX6 SabreLite board - with crypto hardware acceleration
- DM368 Leopard board - no crypto hardware available
GStreamer 0.10.x
Note: v0.10.0 (gst-crypto-0.10.0.tar.gz) contains a bug that names the plugin gst-crypto instead of crypto. Please keep that in mind when running the test pipelines.
Subdirectory structure
├── fs
├── apps
├── gst-crypto-0.10.0
├── Config
├── Makefile
└── metainfo
fs/apps/gst-crypto-0.10.0/Config
config FS_APPS_GST_CRYPTO
bool "gst-crypto-0.10.0"
select FS_APPS_GSTREAMER_PLUGINS_BASE
help
This option enables RidgeRuns gst-crypto plugin.
fs/apps/gst-crypto-0.10.0/Makefile
#$L$
# Copyright (C) 2015 Ridgerun (http://www.ridgerun.com).
##$L$
PKG_URL=*********************
PKG_TARBALL=gst-crypto-0.10.0.tar.gz
PKG_SHA1SUM=61fdeeeb81cc339764a0c637fcd486c3861fa1a8
include ../../../bsp/classes/rrsdk.class
include $(CLASSES)/gstreamer-plugin.class
fs/apps/gst-crypto-0.10.0/metainfo
TARGET_REQUIRED="gstreamer gst-plugins-base"
RR SDK GStreamer configuration
Execution
`make env`
make config
Configuration
File System Configuration --->
Select target's file system software --->
[*] gst-crypto-0.10.0
GStreamer 1.x
Subdirectory structure
├── fs
├── apps
├── gst-crypto-1.0
├── Config
├── Makefile
└── metainfo
fs/apps/gst-crypto-1.0/Config
config FS_APPS_GST_CRYPTO
bool "gst-crypto-1.0"
select FS_APPS_GSTREAMER_PLUGINS_BASE
help
This option enables RidgeRuns gst-crypto plugin.
fs/apps/gst-crypto-1.0/Makefile
#$L$
# Copyright (C) 2015 Ridgerun (http://www.ridgerun.com).
##$L$
PKG_URL=https://www.ridgerun.com/packages
PKG_TARBALL=gst-crypto-1.0.tar.gz
PKG_SHA1SUM=321bf7787bd4a4667c2f150df84bf6a9c138a15a
include ../../../bsp/classes/rrsdk.class
include $(CLASSES)/gstreamer-plugin.class
fs/apps/gst-crypto-1.0/metainfo
TARGET_REQUIRED="gstreamer gst-plugins-base"
RR SDK GStreamer configuration
Execution
`make env`
make config
Configuration
File System Configuration --->
Select target's file system software --->
[*] gst-crypto-1.0
Example pipelines
Test pipeline
GStreamer 0.10.x
On RR SDK after regular installation to /usr/lib/gstreamer-0.10
echo "This is a crypto test ... " > plain.txt && gst-launch filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer.0.10
echo "This is a crypto test ... " > plain.txt && gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=plain.txt ! crypto mode=enc ! gst-crypto mode=dec ! filesink location=dec.txt && cat dec.txt
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On RR SDK after regular installation to /usr/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto ! <some other elements>
Creating an encrypted video with the openssl tool and playback
Download demo video
wget http://blender-mirror.kino3d.org/peach/bigbuckbunny_movies/big_buck_bunny_720p_surround.avi
Encrypt
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_720p_surround.avi -out big_buck_bunny_720p_surround.avi.enc
Playback
Playback on a local display
GStreamer 0.10.x
On RR SDK after regular installation to /usr/lib/gstreamer-0.10
gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On RR SDK after regular installation to /usr/lib/gstreamer-1.0
gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! decodebin ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto ! <some other elements>
Streaming to a host
On the target board
GStreamer 0.10.x
On RR SDK after regular installation to /usr/lib/gstreamer-0.10
gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On RR SDK after regular installation to /usr/lib/gstreamer-1.0
gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
On the host
gst-launch udpsrc port=3000 ! mpegtsdemux ! queue ! decodebin ! fpsdisplaysink sync=true async=false
Encoding/Decoding Playback Pipelines
GStreamer 1.0
- TS - encrypting with gstcrypto
gst-launch-1.0 -e videotestsrc is-live=true ! x264enc ! queue ! h264parse ! mpegtsmux ! filesink location=test.ts sync=true
gst-launch-1.0 filesrc location=test.ts ! crypto mode=enc ! filesink location=test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- AVI - encrypting with gstcrypto
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
gst-launch-1.0 filesrc location=test.avi ! crypto mode=enc ! filesink location=test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- QuickTime - encrypting with gstcrypto
wget https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_480p_h264.mov
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov ! crypto mode=enc ! filesink location=big_buck_bunny_480p_h264.mov.enc
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.enc ! crypto mode=dec ! filesink location=big_buck_bunny_480p_h264.mov.dec
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.dec ! qtdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- TS - encrypting with openssl
gst-launch-1.0 -e videotestsrc is-live=true ! x264enc ! queue ! h264parse ! mpegtsmux ! filesink location=test.ts sync=true
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.ts -out test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- AVI - encrypting with openssl
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.avi -out test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
Using Crypto Hardware Acceleration
Crypto Hardware Acceleration can be used transparently with the plugin and can be configured independently.
There are some considerations to take into account:
- Does the MCU include a hardware crypto unit (e.g. CAAM on i.MX6)?
- Which setup would result in a performance gain (e.g data block size on i.MX6)?
- Is the cipher to be used supported by the hardware crypto unit and the kernel driver?
- Is the kernel driver implemented efficiently?
See:
test pipelines for release2.0
Raw data file
Encode
gst-launch-1.0 filesrc location=small-file.file ! crypto mode=enc ! filesink location=small-file.file.enc
Decode
gst-launch-1.0 filesrc location=small-file.file.enc ! crypto mode=dec ! filesink location=output.dec
Notes: 1 byte file, content was verified before/after crypto encode/decode, data was not affected by encode/decode process
Big Buck Bunny avi file
Encode file with gst-crypto
gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi ! crypto mode=enc ! filesink location=big_buck_bunny_1080p_surround.avi.enc
Decode and display
gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi.enc blocksize=4096 ! crypto mode=dec ! queue ! avidemux ! avdec_mpeg4 ! xvimagesink
Encoding with openssl Decoding also work when using openssl for encoding
Encode with openssl
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_1080p_surround.avi -out openssl-enc-big_buck_bunny_1080p_surround.avi.enc
Decode and display
gst-launch-1.0 filesrc location=openssl-enc-big_buck_bunny_1080p_surround.avi.enc blocksize=4096 ! crypto mode=dec ! queue ! avidemux ! avdec_mpeg4 ! xvimagesink
Audio/video decode file Note: this pipeline can be optimized, just for testing.
GST_DEBUG=3 gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux name=demux demux.video_0 ! 'video/mpeg, mpegversion=(int)4' ! queue ! avdec_mpeg4 ! xvimagesink async=false demux.audio_0 ! queue ! decodebin ! audioconvert ! alsasink async=false
iMX6 example pipelines
Tested on iMX6 Nitrogen6x board with RidgeRun SDK:
Avi decrypt and playback
gst-launch-1.0 filesrc location=/mnt/big_buck_bunny_1080p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux name=demux demux.video_0 ! 'video/mpeg, mpegversion=(int)4' ! queue ! vpudec ! imxv4l2sink name=videosink device=/dev/video17 async=false
iMX6 transport stream
gst-launch-1.0 filesrc location=/mnt/test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! vpudec ! imxv4l2sink name=videosink device=/dev/video17 async=false
|
RidgeRun Resources | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Visit our Main Website for the RidgeRun Products and Online Store. RidgeRun Engineering informations are available in RidgeRun Professional Services, RidgeRun Subscription Model and Client Engagement Process wiki pages. Please email to support@ridgerun.com for technical questions and contactus@ridgerun.com for other queries. Contact details for sponsoring the RidgeRun GStreamer projects are available in Sponsor Projects page. |  
|
