Difference between revisions of "RidgeRun gst-crypto GStreamer Plugin"
(→Compilation) |
|||
Line 1: | Line 1: | ||
− | <seo title="GST-Crypto | + | <seo title="GStreamer Plugin | GST-Crypto Plugin | RidgeRun" titlemode="replace" keywords="GStreamer, Linux SDK, Linux BSP, Embedded Linux, Device Drivers, Nvidia, Xilinx, TI, NXP, Freescale, Embedded Linux driver development, Linux Software development, Embedded Linux SDK, Embedded Linux Application development, GStreamer Multimedia Framework." description="Use RidgeRun’s gst-crypto GStreamer plugin to easily encrypt or decrypt content passing through a GStreamer pipeline Discover the features, example use cases, and more."></seo> |
<br> | <br> | ||
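Review bot: In the new `description` attribute of the `<seo>` tag, the sentence boundary is missing between "passing through a GStreamer pipeline" and "Discover the features", so the two sentences run together. Add a period after "pipeline". The trailing period inside the `keywords` list ("GStreamer Multimedia Framework.") can also be dropped, since that attribute is a comma-separated list rather than a sentence.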
Line 16: | Line 16: | ||
</table> | </table> | ||
− | = Overview = | + | == gst-crypto Overview == |
RidgeRun's ''gst-crypto'' plugin makes it easy to encrypt or decrypt content passing through a GStreamer pipeline. gst-crypto will take advantage of any available crypto hardware accelerators. gst-crypto is based on OpenSSL so any encryption technology supported by OpenSSL can be supported by gst-crypto. Currently, only aes-128-cbc cipher is support. ''gst-crypto'' source code has not yet been reviewed by experts for security deficiencies. | RidgeRun's ''gst-crypto'' plugin makes it easy to encrypt or decrypt content passing through a GStreamer pipeline. gst-crypto will take advantage of any available crypto hardware accelerators. gst-crypto is based on OpenSSL so any encryption technology supported by OpenSSL can be supported by gst-crypto. Currently, only aes-128-cbc cipher is support. ''gst-crypto'' source code has not yet been reviewed by experts for security deficiencies. | ||
Line 22: | Line 22: | ||
Also gst-crypto does not support seeking and some mux/demuxers, please inquire in case this is needed. RidgeRun has solutions that supports seeking while doing decrypting. | Also gst-crypto does not support seeking and some mux/demuxers, please inquire in case this is needed. RidgeRun has solutions that supports seeking while doing decrypting. | ||
− | == Features == | + | === Features === |
* aes-128-cbc cipher support | * aes-128-cbc cipher support |
Revision as of 08:53, 30 October 2019
Open-source project from RidgeRun.
gst-crypto Overview
RidgeRun's gst-crypto plugin makes it easy to encrypt or decrypt content passing through a GStreamer pipeline. gst-crypto will take advantage of any available crypto hardware accelerators. gst-crypto is based on OpenSSL, so any encryption technology supported by OpenSSL can be supported by gst-crypto. Currently, only the aes-128-cbc cipher is supported. The gst-crypto source code has not yet been reviewed by experts for security deficiencies.
Also, gst-crypto does not support seeking and does not work with some muxers/demuxers; please inquire if this is needed. RidgeRun has solutions that support seeking while decrypting.
Features
- aes-128-cbc cipher support
- Password or key/iv setup
- GStreamer 0.10.x support
- GStreamer 1.x support
Example Use Cases
- Capture audio/video from a camera directly into an encrypted media file.
- Decrypt streaming audio/video and render to local display/speakers.
Support
Modifications or extensions needed? Integration into other Embedded Linux Systems (e.g. Ubuntu, Yocto, ...)?
- Contact Us or send an email to support@ridgerun.com
Build and run on a local Linux PC
Tested on Ubuntu-14.04 64 bit:
Source code fetch
git clone git@github.com:RidgeRun/gst-crypto
cd gst-crypto
GStreamer 0.10.x
git checkout release-0.10
GStreamer 1.x
git checkout release-1.0
Note: There are tagged releases also.
Compilation
./autogen.sh
./configure
make
sudo make install
If you don't want to install the plugin into your system, you can point GStreamer at the build directory with:
GST_PLUGIN_PATH=src/.libs/ gst-launch ....
Source code
Location
RR SDK Integration
One of our demo SDKs can be used:
- i.MX6 SabreLite board - with crypto hardware acceleration
- DM368 Leopard board - no crypto hardware available
GStreamer 0.10.x
Note: v0.10.0 (gst-crypto-0.10.0.tar.gz) contains a bug that names the plugin gst-crypto instead of crypto. Please keep that in mind when running the test pipelines.
Subdirectory structure
├── fs
    ├── apps
        ├── gst-crypto-0.10.0
            ├── Config
            ├── Makefile
            └── metainfo
fs/apps/gst-crypto-0.10.0/Config
config FS_APPS_GST_CRYPTO
    bool "gst-crypto-0.10.0"
    select FS_APPS_GSTREAMER_PLUGINS_BASE
    help
        This option enables RidgeRuns gst-crypto plugin.
fs/apps/gst-crypto-0.10.0/Makefile
#$L$
# Copyright (C) 2015 Ridgerun (http://www.ridgerun.com).
##$L$
PKG_URL=*********************
PKG_TARBALL=gst-crypto-0.10.0.tar.gz
PKG_SHA1SUM=61fdeeeb81cc339764a0c637fcd486c3861fa1a8
include ../../../bsp/classes/rrsdk.class
include $(CLASSES)/gstreamer-plugin.class
fs/apps/gst-crypto-0.10.0/metainfo
TARGET_REQUIRED="gstreamer gst-plugins-base"
RR SDK configuration
Execution
`make env`
make config
Configuration
File System Configuration --->
    Select target's file system software --->
        [*] gst-crypto-0.10.0
GStreamer 1.x
Subdirectory structure
├── fs
    ├── apps
        ├── gst-crypto-1.0
            ├── Config
            ├── Makefile
            └── metainfo
fs/apps/gst-crypto-1.0/Config
config FS_APPS_GST_CRYPTO
    bool "gst-crypto-1.0"
    select FS_APPS_GSTREAMER_PLUGINS_BASE
    help
        This option enables RidgeRuns gst-crypto plugin.
fs/apps/gst-crypto-1.0/Makefile
#$L$
# Copyright (C) 2015 Ridgerun (http://www.ridgerun.com).
##$L$
PKG_URL=https://www.ridgerun.com/packages
PKG_TARBALL=gst-crypto-1.0.tar.gz
PKG_SHA1SUM=321bf7787bd4a4667c2f150df84bf6a9c138a15a
include ../../../bsp/classes/rrsdk.class
include $(CLASSES)/gstreamer-plugin.class
fs/apps/gst-crypto-1.0/metainfo
TARGET_REQUIRED="gstreamer gst-plugins-base"
RR SDK configuration
Execution
`make env`
make config
Configuration
File System Configuration --->
    Select target's file system software --->
        [*] gst-crypto-1.0
Example pipelines
Test pipeline
GStreamer 0.10.x
On RR SDK after regular installation to /usr/lib/gstreamer-0.10
echo "This is a crypto test ... " > plain.txt && gst-launch filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
echo "This is a crypto test ... " > plain.txt && gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On RR SDK after regular installation to /usr/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto ! <some other elements>
Creating an encrypted video with the openssl tool and playback
Download demo video
wget http://blender-mirror.kino3d.org/peach/bigbuckbunny_movies/big_buck_bunny_720p_surround.avi
Encrypt
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_720p_surround.avi -out big_buck_bunny_720p_surround.avi.enc
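What `-k RidgeRun -nosalt` means for the files produced by the command above, as an added example that is not part of the original page or of RidgeRun's code: without a salt the key and IV depend only on the password, so files that start with the same bytes start with the same ciphertext. It assumes the openssl CLI is installed; the two input files are constructed samples and the function names are hypothetical. It exercises only the openssl side and makes no claim about how gst-crypto derives its key internally.

```shell
#!/bin/sh
# Added example (not RidgeRun code). Constructed inputs; needs the openssl CLI.
PASS=RidgeRun                      # default password quoted on the page
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT

# Two constructed "media files" sharing the same first 16 bytes (a fake
# RIFF/AVI header) but carrying different payloads.
printf 'RIFFxxxxAVI LISTpayload-of-file-A' > "$WORK/a.bin"
printf 'RIFFxxxxAVI LISTpayload-of-file-B' > "$WORK/b.bin"

# Key and IV that openssl derives from the password alone (-P prints them
# and exits). With -nosalt nothing random enters the derivation.
derive_nosalt() {
    openssl enc -aes-128-cbc -k "$PASS" -nosalt -P 2>/dev/null | tr -d ' \n'
}

# Hex of the first AES block of ciphertext for file $1.
# $2 = nosalt | salted. Salted output begins with a 16-byte "Salted__" + salt
# header, which is skipped so that real ciphertext is compared.
first_block() {
    if [ "$2" = nosalt ]; then
        openssl enc -aes-128-cbc -k "$PASS" -nosalt -in "$1" 2>/dev/null |
            head -c 16
    else
        openssl enc -aes-128-cbc -k "$PASS" -in "$1" 2>/dev/null |
            tail -c +17 | head -c 16
    fi | od -An -tx1 | tr -d ' \n'
}

echo "key/iv, run 1: $(derive_nosalt)"
echo "key/iv, run 2: $(derive_nosalt)"                      # same as run 1
echo "nosalt a.bin:  $(first_block "$WORK/a.bin" nosalt)"
echo "nosalt b.bin:  $(first_block "$WORK/b.bin" nosalt)"   # same block as a.bin
echo "salted a.bin:  $(first_block "$WORK/a.bin" salted)"
echo "salted b.bin:  $(first_block "$WORK/b.bin" salted)"   # differs from a.bin
```

Because the key and IV here depend only on the password, treat the default password as test-only and give each deployment its own secret through the `pass` property or the key/iv setup listed under Features.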
Playback
Playback on a local display
GStreamer 0.10.x
On RR SDK after regular installation to /usr/lib/gstreamer-0.10
gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On RR SDK after regular installation to /usr/lib/gstreamer-1.0
gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! decodebin ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto ! <some other elements>
Streaming to a host
On the target board
GStreamer 0.10.x
On RR SDK after regular installation to /usr/lib/gstreamer-0.10
gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On RR SDK after regular installation to /usr/lib/gstreamer-1.0
gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto ! <some other elements>
On the host
gst-launch udpsrc port=3000 ! mpegtsdemux ! queue ! decodebin ! fpsdisplaysink sync=true async=false
Encoding/Decoding Playback Pipelines
GStreamer 1.0
- TS - encrypting with gstcrypto
gst-launch-1.0 -e videotestsrc is-live=true ! x264enc ! queue ! h264parse ! mpegtsmux ! filesink location=test.ts sync=true
gst-launch-1.0 filesrc location=test.ts ! crypto mode=enc ! filesink location=test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- AVI - encrypting with gstcrypto
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
gst-launch-1.0 filesrc location=test.avi ! crypto mode=enc ! filesink location=test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- QuickTime - encrypting with gstcrypto
wget https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_480p_h264.mov
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov ! crypto mode=enc ! filesink location=big_buck_bunny_480p_h264.mov.enc
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.enc ! crypto mode=dec ! filesink location=big_buck_bunny_480p_h264.mov.dec
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.dec ! qtdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- TS - encrypting with openssl
gst-launch-1.0 -e videotestsrc is-live=true ! x264enc ! queue ! h264parse ! mpegtsmux ! filesink location=test.ts sync=true
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.ts -out test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- AVI - encrypting with openssl
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.avi -out test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
Using Crypto Hardware Acceleration
Crypto Hardware Acceleration can be used transparently with the plugin and can be configured independently.
There are some considerations to take into account:
- Does the MCU include a hardware crypto unit (e.g. CAAM on i.MX6)?
- Which setup would result in a performance gain (e.g. data block size on i.MX6)?
- Is the cipher to be used supported by the hardware crypto unit and the kernel driver?
- Is the kernel driver implemented efficiently?
See:
test pipelines for release2.0
Raw data file
Encode
gst-launch-1.0 filesrc location=small-file.file ! crypto mode=enc ! filesink location=small-file.file.enc
Decode
gst-launch-1.0 filesrc location=small-file.file.enc ! crypto mode=dec ! filesink location=output.dec
Notes: Tested with a 1-byte file. The content was verified before and after the crypto encode/decode, and the data was not affected by the encode/decode process.
Big Buck Bunny avi file
Encode file with gst-crypto
gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi ! crypto mode=enc ! filesink location=big_buck_bunny_1080p_surround.avi.enc
Decode and display
gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi.enc blocksize=4096 ! crypto mode=dec ! queue ! avidemux ! avdec_mpeg4 ! xvimagesink
Encoding with openssl
Decoding also works when openssl is used for encoding.
Encode with openssl
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_1080p_surround.avi -out openssl-enc-big_buck_bunny_1080p_surround.avi.enc
Decode and display
gst-launch-1.0 filesrc location=openssl-enc-big_buck_bunny_1080p_surround.avi.enc blocksize=4096 ! crypto mode=dec ! queue ! avidemux ! avdec_mpeg4 ! xvimagesink
Audio/video decode file
Note: this pipeline can be optimized, just for testing.
GST_DEBUG=3 gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux name=demux demux.video_0 ! 'video/mpeg, mpegversion=(int)4' ! queue ! avdec_mpeg4 ! xvimagesink async=false demux.audio_0 ! queue ! decodebin ! audioconvert ! alsasink async=false
iMX6 example pipelines
Tested on iMX6 Nitrogen6x board with RidgeRun SDK:
Avi decrypt and playback
gst-launch-1.0 filesrc location=/mnt/big_buck_bunny_1080p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux name=demux demux.video_0 ! 'video/mpeg, mpegversion=(int)4' ! queue ! vpudec ! imxv4l2sink name=videosink device=/dev/video17 async=false
iMX6 transport stream
gst-launch-1.0 filesrc location=/mnt/test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! vpudec ! imxv4l2sink name=videosink device=/dev/video17 async=false