gst-crypto GStreamer插件

gst-crypto GStreamer插件

内容

• 1. gst-crypto概述
  • 1.1gst-crypto GStreamer插件功能
  • 1.2用例范例
  • 2. GStreamer插件支持
  • 3. 在本地Linux PC上构建并运行
    • 3.1源代码获取
      • 3.1.1GStreamer 0.10.x
      • 3.1.2GStreamer 1.x
• 3.2汇编
• 4. gst-crypto源代码
  • 4.1位置
  • 5. RR SDK集成
    • 5.1 GStreamer 0.10.x
      • 5.1.1子目录结构
      • 5.1.2fs / apps / gst-crypto-0.10.0 / Config
      • 5.1.3fs / apps / gst-crypto-0.10.0 / Makefile
      • 5.1.4fs / apps / gst-crypto-0.10.0 / metainfo
      • 5.1.5RR SDK GStreamer配置
        • 5.1.5.1执行
        • 5.1.5.2组态
• 5.2 GStreamer 1.x
  • 5.2.1子目录结构
  • 5.2.2fs / apps / gst-crypto-1.0 / Config
  • 5.2.3fs / apps / gst-crypto-1.0 / Makefile
  • 5.2.4fs / apps / gst-crypto-1.0 / metainfo
  • 5.2.5RR SDK GStreamer配置
    • 5.2.5.1执行
    • 5.2.5.2组态
    • 6. 管道示例
      • 6.1测试管道
        • 6.1.1GStreamer 0.10.x
          • 6.1.1.1在常规安装到/usr/lib/gstreamer-0.10之后的RR SDK上
          • 6.1.1.2在默认安装到/usr/local/lib/gstreamer.0.10之后的Ubuntu上
    • 6.1.2GStreamer 1.x
      • 6.1.2.1在常规安装到/usr/lib/gstreamer-1.0之后的RR SDK上
      • 6.1.2.2在默认安装到/usr/local/lib/gstreamer-1.0之后的Ubuntu上
• 6.2使用openssl工具创建加密的视频并播放
  • 6.2.1下载演示视频
  • 6.2.2加密
  • 6.2.3回放
    • 6.2.3.1在本地显示器上播放
      • 6.2.3.1.1GStreamer 0.10.x
      • 6.2.3.1.2在常规安装到/usr/lib/gstreamer-0.10之后的RR SDK上
      • 6.2.3.1.3在默认安装到/usr/local/lib/gstreamer-0.10之后的Ubuntu上
      • 6.2.3.1.4 GStreamer 1.x
      • 6.2.3.1.5在常规安装到/usr/lib/gstreamer-1.0之后的RR SDK上
      • 6.2.3.1.6在默认安装到/usr/local/lib/gstreamer-1.0之后的Ubuntu上
      • 6.2.3.2流到主机
        • 6.2.3.2.1在目标板上
        • 6.2.3.2.2GStreamer 0.10.x
        • 6.2.3.2.3GStreamer 1.x
        • 6.2.3.3在主机上
• 6.3编码/解码播放管道
  • 6.3.1GStreamer 1.0
• 6.4编码/解码实时流水线
  • 6.4.1GStreamer 1.0
• 6.5编码/解码Udpstream
  • 6.5.1GStreamer 1.0
    • 6.5.1.1H264 +传输流
    • 6.5.1.2 jpeg
• 6.6即时编码/解码
  • 6.6.1GStreamer 1.0
  • 7. 使用加密硬件加速
  • 8. 测试发布2.0的管道
    • 8.1原始数据文件
    • 8.2 Big Buck Bunny avi file avi文件

gst-crypto概述

RidgeRun的gst-crypto插件是一个GStreamer插件，可以轻松加密或解密通过GStreamer管道传递的内容。gst-crypto将利用任何可用的加密硬件加速器。gst-crypto基于OpenSSL，因此gst-crypto可以支持OpenSSL支持的任何加密技术。该插件支持任何支持opensl的​​加密/解密芯片，仅验证了aes-128-cbc和aes-256-cbc密码。 gst-crypto源代码尚未针对安全性缺陷进行专家审查。

另外，gst-crypto不支持查找和某些多路复用器/多路分解器，请在需要时咨询。解决方案支持解密时进行查找。

gst-crypto GStreamer插件功能

• 验证aes-128-cbc和aes-256-cbc密码支持
• 密码或密钥/ iv设置
• GStreamer 0.10.x支持
• GStreamer 1.x支持
• 将摄像头的音频/视频直接捕获到加密的媒体文件中。
• 解密流音频/视频并渲染到本地显示器/扬声器。

用例范例

GStreamer插件支持

获取所需的任何修改或扩展，以及与其他嵌入式Linux系统（例如Ubuntu，Yocto等）的集成。

在本地Linux PC上构建并运行

在Ubuntu-14.04 64位上测试：

源代码获取

git clone git@github.com：RidgeRun / gst-crypto

cd gst-crypto

GStreamer 0.10.x

git checkout release-0.10

GStreamer 1.x

git checkout release-1.0

注意：也有带标签的版本。

Compilation

./autogen.sh

./configure --libdir=/usr/lib/x86_64-linux-gnu/

make 

sudo make install

插件的位置可能会因系统而异。下表总结了不同设置的一些标准位置

 

如果不想安装到系统中，可以使用以下命令指定目录路径：

GST_PLUGIN_PATH=src/.libs/ gst-launch ....

gst-crypto源代码

https://github.com/RidgeRun/gst-crypto

SDK集成

可以使用SDK：

• i.MX6 SabreLite board - with crypto hardware acceleration
• DM368 Leopard board - no crypto hardware available

GStreamer 0.10.x

注意： v0.10.0（gst-crypto-0.10.0.tar.gz）包含一个bug错误，该错误将GStreamer插件命名为gst-crypto而不是crypto。在运行测试管道时，记住这一点。

子目录结构

 

fs/apps/gst-crypto-0.10.0/Config

 config FS_APPS_GST_CRYPTO

        bool "gst-crypto-0.10.0"

        select FS_APPS_GSTREAMER_PLUGINS_BASE

        help

          This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-0.10.0/Makefile

 #$L$

 # Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 

 ##$L$

 PKG_URL=*********************

 PKG_TARBALL=gst-crypto-0.10.0.tar.gz

 PKG_SHA1SUM=61fdeeeb81cc339764a0c637fcd486c3861fa1a8

 include ../../../bsp/classes/rrsdk.class

 include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-0.10.0/metainfo

 TARGET_REQUIRED="gstreamer gst-plugins-base"

SDK GStreamer configuration

Execution

 `make env`

  make config

Configuration

 File System Configuration  --->

   Select target's file system software  --->

     [*] gst-crypto-0.10.0

GStreamer 1.x

Subdirectory structure

 

 fs/apps/gst-crypto-1.0/Config

 config FS_APPS_GST_CRYPTO

        bool "gst-crypto-1.0"

        select FS_APPS_GSTREAMER_PLUGINS_BASE

        help

          This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-1.0/Makefile

 #$L$

 # Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 

 ##$L$

 PKG_URL=https://www.ridgerun.com/packages

 PKG_TARBALL=gst-crypto-1.0.tar.gz

 PKG_SHA1SUM=321bf7787bd4a4667c2f150df84bf6a9c138a15a

 include ../../../bsp/classes/rrsdk.class

 include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-1.0/metainfo

 TARGET_REQUIRED="gstreamer gst-plugins-base"

RR SDK GStreamer configuration

Execution

`make env`

 make config

Configuration

 File System Configuration  --->

   Select target's file system software  --->

     [*] gst-crypto-1.0

Example pipelines

Test pipeline

GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10

echo "This is a crypto test ... " > plain.txt && gst-launch filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt

On Ubuntu after default installation to /usr/local/lib/gstreamer.0.10

echo "This is a crypto test ... " > plain.txt && gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=plain.txt ! crypto mode=enc ! gst-crypto mode=dec ! filesink location=dec.txt && cat dec.txt

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

 GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>

GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0

echo "This is a crypto test ... " > plain.txt && gst-launch-1.0  filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0

echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto  ! <some other elements>

Creating an encrypted video with the openssl tool and playback

Download demo video

wget http://blender-mirror.kino3d.org/peach/bigbuckbunny_movies/big_buck_bunny_720p_surround.avi

Encrypt

openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_720p_surround.avi -out big_buck_bunny_720p_surround.avi.enc

Playback

Playback on a local display

GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10

gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10

gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>

GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0

gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0

gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! decodebin ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto  ! <some other elements>

Streaming to a host

On the target board

GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10

gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10

gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>

GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0

gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0

gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system.

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:

GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto  ! <some other elements>

On the host

gst-launch udpsrc port=3000 ! mpegtsdemux ! queue ! decodebin ! fpsdisplaysink sync=true async=false

Encoding/Decoding Playback Pipelines

GStreamer 1.0

• TS - encrypting with gstcrypto

gst-launch-1.0 -e videotestsrc is-live=true !  x264enc  ! queue ! h264parse ! mpegtsmux !  filesink location=test.ts sync=true

gst-launch-1.0 filesrc location=test.ts ! crypto mode=enc ! filesink location=test.ts.enc

gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

• AVI - encrypting with gstcrypto

gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi

gst-launch-1.0 filesrc location=test.avi ! crypto mode=enc ! filesink location=test.avi.enc

gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

• QuickTime - encrypting with gstcrypto

wget https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_480p_h264.mov

gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov ! crypto mode=enc ! filesink location=big_buck_bunny_480p_h264.mov.enc

gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.enc ! crypto mode=dec ! filesink location=big_buck_bunny_480p_h264.mov.dec

gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.dec ! qtdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

• TS - encrypting with openssl

gst-launch-1.0 -e videotestsrc is-live=true !  x264enc  ! queue ! h264parse ! mpegtsmux !  filesink location=test.ts sync=true

openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.ts -out test.ts.enc

gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

• AVI - encrypting with openssl

gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi

openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.avi -out test.avi.enc

gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

Encoding/Decoding Livestream Pipelines

GStreamer 1.0

• TS - Encrypting Camera livestream with GstCrypto to a file

gst-launch-1.0 -e v4l2src device=/dev/video0 ! queue !  x264enc  ! queue ! h264parse ! mpegtsmux ! queue ! rndbuffersize min=4096 max=4096 !  crypto mode=enc ! filesink location=live.ts.enc

• TS - Decrypt encoded file from the camera livestream

gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink

• TS - Decrypt encoded file to a video file

gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsparse ! queue ! filesink location=live.ts sync=false

Encoding/Decoding Udpstream

GStreamer 1.0

H264 + Transport Stream

• Server

gst-launch-1.0 videotestsrc is-live=true pattern=ball ! x264enc ! h264parse ! mpegtsmux ! tsparse ! rndbuffersize min=4096 max=4096  ! queue  ! crypto mode=enc ! queue ! udpsink port=5000 

• Receiver: Decrypt to a file

gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec  ! queue  ! tsparse ! queue  ! filesink location=udpstream.ts

• Receiver: Save encrypted udpstream

gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! filesink location=udpstream.ts.enc

Jpeg

• Server

gst-launch-1.0 videotestsrc is-live=true pattern=ball ! jpegenc ! queue ! rndbuffersize min=4096 max=4096  ! queue  ! crypto mode=enc  ! queue ! udpsink port=5000

• Receiver: Decrypt to a display

gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec  ! queue  ! jpegparse ! jpegdec  ! queue  ! xvimagesink sync=false

Encoding/Decoding on the Fly

GStreamer 1.0

• Encoding, decoding and sending output to display in one pipeline

gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! jpegenc ! queue ! rndbuffersize min=4096 max=4096 ! crypto mode=enc ! queue  ! crypto mode=dec !  jpegparse  ! jpegdec  ! xvimagesink

使用加密硬件加速

加密硬件加速可以与插件透明使用，并且可以独立配置。

有一些注意事项：

• MCU是否包括硬件加密单元（例如，i.MX6上的CAAM）？
• 哪种设置可以提高性能（例如，i.MX6上的数据块大小）？
• 硬件加密单元和内核驱动程序是否支持要使用的密码？
• 内核驱动程序是否有效实施？