mirror of
https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs.git
synced 2024-11-26 05:21:00 +00:00
Add libsodium-based encrypter/decrypter elements
With some changes by Sebastian Dröge <sebastian@centricular.com>
This commit is contained in:
parent
075cb97b3f
commit
8c03237949
15 changed files with 2279 additions and 3 deletions
|
@ -12,8 +12,11 @@ stages:
|
||||||
stage: "test"
|
stage: "test"
|
||||||
variables:
|
variables:
|
||||||
G_DEBUG: "fatal_warnings"
|
G_DEBUG: "fatal_warnings"
|
||||||
|
SODIUM_USE_PKG_CONFIG: "true"
|
||||||
DEPENDENCIES: |
|
DEPENDENCIES: |
|
||||||
curl
|
curl
|
||||||
|
file
|
||||||
|
libsodium-dev
|
||||||
libssl-dev
|
libssl-dev
|
||||||
liborc-0.4-dev
|
liborc-0.4-dev
|
||||||
libglib2.0-dev
|
libglib2.0-dev
|
||||||
|
@ -54,10 +57,10 @@ stages:
|
||||||
- cargo test --all-features --all --color=always
|
- cargo test --all-features --all --color=always
|
||||||
- cargo build --all-features --examples --all --color=always
|
- cargo build --all-features --examples --all --color=always
|
||||||
|
|
||||||
test 1.31:
|
test 1.32:
|
||||||
# 1.31 img
|
# 1.32 img
|
||||||
# https://hub.docker.com/_/rust/
|
# https://hub.docker.com/_/rust/
|
||||||
image: "rust:1.31-slim"
|
image: "rust:1.32-slim"
|
||||||
<<: *cargo_test
|
<<: *cargo_test
|
||||||
|
|
||||||
test stable:
|
test stable:
|
||||||
|
|
|
@ -9,6 +9,7 @@ members = [
|
||||||
"gst-plugin-threadshare",
|
"gst-plugin-threadshare",
|
||||||
"gst-plugin-tutorial",
|
"gst-plugin-tutorial",
|
||||||
"gst-plugin-closedcaption",
|
"gst-plugin-closedcaption",
|
||||||
|
"gst-plugin-sodium",
|
||||||
]
|
]
|
||||||
|
|
||||||
[profile.release]
|
[profile.release]
|
||||||
|
|
51
gst-plugin-sodium/Cargo.toml
Normal file
51
gst-plugin-sodium/Cargo.toml
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
[package]
|
||||||
|
name = "gst-plugin-sodium"
|
||||||
|
version = "0.1.0"
|
||||||
|
authors = ["Jordan Petridis <jordan@centricular.com>"]
|
||||||
|
edition = "2018"
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
glib = { git = "https://github.com/gtk-rs/glib" }
|
||||||
|
gst = { git = "https://gitlab.freedesktop.org/gstreamer/gstreamer-rs", features = ["subclassing", "v1_14"], package="gstreamer" }
|
||||||
|
gst-base = { git = "https://gitlab.freedesktop.org/gstreamer/gstreamer-rs", features = ["subclassing", "v1_14"], package = "gstreamer-base" }
|
||||||
|
sodiumoxide = "0.2.1"
|
||||||
|
lazy_static = "1.3.0"
|
||||||
|
hex = "0.3.2"
|
||||||
|
smallvec = "0.6"
|
||||||
|
|
||||||
|
# example
|
||||||
|
clap = { version = "2.33", optional = true }
|
||||||
|
serde = { version = "1.0", features = ["derive"], optional = true }
|
||||||
|
serde_json = { version = "1.0", optional = true }
|
||||||
|
|
||||||
|
[dev-dependencies]
|
||||||
|
pretty_assertions = "0.6"
|
||||||
|
rand = "0.6"
|
||||||
|
|
||||||
|
[dev-dependencies.gst-check]
|
||||||
|
git = "https://gitlab.freedesktop.org/gstreamer/gstreamer-rs"
|
||||||
|
package="gstreamer-check"
|
||||||
|
|
||||||
|
[dev-dependencies.gst-app]
|
||||||
|
git = "https://gitlab.freedesktop.org/gstreamer/gstreamer-rs"
|
||||||
|
package="gstreamer-app"
|
||||||
|
|
||||||
|
[lib]
|
||||||
|
name = "gstrssodium"
|
||||||
|
crate-type = ["cdylib", "rlib"]
|
||||||
|
path = "src/lib.rs"
|
||||||
|
|
||||||
|
[[example]]
|
||||||
|
name = "generate-keys"
|
||||||
|
path = "examples/generate_keys.rs"
|
||||||
|
required-features = ["serde", "serde_json", "clap"]
|
||||||
|
|
||||||
|
[[example]]
|
||||||
|
name = "encrypt-example"
|
||||||
|
path = "examples/encrypt_example.rs"
|
||||||
|
required-features = ["serde", "serde_json", "clap"]
|
||||||
|
|
||||||
|
[[example]]
|
||||||
|
name = "decrypt-example"
|
||||||
|
path = "examples/decrypt_example.rs"
|
||||||
|
required-features = ["serde", "serde_json", "clap"]
|
149
gst-plugin-sodium/examples/decrypt_example.rs
Normal file
149
gst-plugin-sodium/examples/decrypt_example.rs
Normal file
|
@ -0,0 +1,149 @@
|
||||||
|
// decrypt_example.rs
|
||||||
|
//
|
||||||
|
// Copyright 2019 Jordan Petridis <jordan@centricular.com>
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
// of this software and associated documentation files (the "Software"), to
|
||||||
|
// deal in the Software without restriction, including without limitation the
|
||||||
|
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||||
|
// sell copies of the Software, and to permit persons to whom the Software is
|
||||||
|
// furnished to do so, subject to the following conditions:
|
||||||
|
//
|
||||||
|
// The above copyright notice and this permission notice shall be included in
|
||||||
|
// all copies or substantial portions of the Software.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||||
|
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||||
|
// IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
use glib::prelude::*;
|
||||||
|
use gst::prelude::*;
|
||||||
|
use sodiumoxide::crypto::box_;
|
||||||
|
|
||||||
|
use std::error::Error;
|
||||||
|
use std::fs::File;
|
||||||
|
use std::path::PathBuf;
|
||||||
|
|
||||||
|
use clap::{App, Arg};
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
use serde_json;
|
||||||
|
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
struct Keys {
|
||||||
|
public: box_::PublicKey,
|
||||||
|
private: box_::SecretKey,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Keys {
|
||||||
|
fn from_file(file: &PathBuf) -> Result<Self, Box<dyn Error>> {
|
||||||
|
let f = File::open(&file)?;
|
||||||
|
serde_json::from_reader(f).map_err(From::from)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn main() -> Result<(), Box<dyn Error>> {
|
||||||
|
let matches = App::new("Decrypt a gstsodium10 file.")
|
||||||
|
.version("1.0")
|
||||||
|
.author("Jordan Petridis <jordan@centricular.com>")
|
||||||
|
.arg(
|
||||||
|
Arg::with_name("input")
|
||||||
|
.short("i")
|
||||||
|
.long("input")
|
||||||
|
.value_name("FILE")
|
||||||
|
.help("File to encrypt")
|
||||||
|
.required(true)
|
||||||
|
.takes_value(true),
|
||||||
|
)
|
||||||
|
.arg(
|
||||||
|
Arg::with_name("output")
|
||||||
|
.short("o")
|
||||||
|
.long("output")
|
||||||
|
.value_name("FILE")
|
||||||
|
.help("File to decrypt")
|
||||||
|
.required(true)
|
||||||
|
.takes_value(true),
|
||||||
|
)
|
||||||
|
.get_matches();
|
||||||
|
|
||||||
|
gst::init()?;
|
||||||
|
|
||||||
|
let input_loc = matches.value_of("input").unwrap();
|
||||||
|
let out_loc = matches.value_of("output").unwrap();
|
||||||
|
|
||||||
|
let receiver_keys = {
|
||||||
|
let mut r = PathBuf::new();
|
||||||
|
r.push(env!("CARGO_MANIFEST_DIR"));
|
||||||
|
r.push("examples");
|
||||||
|
r.push("receiver_sample");
|
||||||
|
r.set_extension("json");
|
||||||
|
r
|
||||||
|
};
|
||||||
|
|
||||||
|
let sender_keys = {
|
||||||
|
let mut s = PathBuf::new();
|
||||||
|
s.push(env!("CARGO_MANIFEST_DIR"));
|
||||||
|
s.push("examples");
|
||||||
|
s.push("sender_sample");
|
||||||
|
s.set_extension("json");
|
||||||
|
s
|
||||||
|
};
|
||||||
|
|
||||||
|
let receiver = &Keys::from_file(&receiver_keys)?;
|
||||||
|
let sender = &Keys::from_file(&sender_keys)?;
|
||||||
|
|
||||||
|
let filesrc = gst::ElementFactory::make("filesrc", None).unwrap();
|
||||||
|
let decrypter = gst::ElementFactory::make("rssodiumdecrypter", None).unwrap();
|
||||||
|
let typefind = gst::ElementFactory::make("typefind", None).unwrap();
|
||||||
|
let filesink = gst::ElementFactory::make("filesink", None).unwrap();
|
||||||
|
|
||||||
|
filesrc
|
||||||
|
.set_property("location", &input_loc)
|
||||||
|
.expect("Failed to set location property");
|
||||||
|
filesink
|
||||||
|
.set_property("location", &out_loc)
|
||||||
|
.expect("Failed to set location property");
|
||||||
|
|
||||||
|
decrypter.set_property("receiver-key", &glib::Bytes::from_owned(receiver.private.0))?;
|
||||||
|
decrypter.set_property("sender-key", &glib::Bytes::from_owned(sender.public))?;
|
||||||
|
|
||||||
|
let pipeline = gst::Pipeline::new(Some("test-pipeline"));
|
||||||
|
pipeline
|
||||||
|
.add_many(&[&filesrc, &decrypter, &typefind, &filesink])
|
||||||
|
.expect("failed to add elements to the pipeline");
|
||||||
|
gst::Element::link_many(&[&filesrc, &decrypter, &typefind, &filesink])
|
||||||
|
.expect("failed to link the elements");
|
||||||
|
|
||||||
|
pipeline
|
||||||
|
.set_state(gst::State::Playing)
|
||||||
|
.expect("Unable to set the pipeline to the `Playing` state");
|
||||||
|
|
||||||
|
let bus = pipeline.get_bus().unwrap();
|
||||||
|
for msg in bus.iter_timed(gst::CLOCK_TIME_NONE) {
|
||||||
|
use gst::MessageView;
|
||||||
|
match msg.view() {
|
||||||
|
MessageView::Error(err) => {
|
||||||
|
eprintln!(
|
||||||
|
"Error received from element {:?}: {}",
|
||||||
|
err.get_src().map(|s| s.get_path_string()),
|
||||||
|
err.get_error()
|
||||||
|
);
|
||||||
|
eprintln!("Debugging information: {:?}", err.get_debug());
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
MessageView::Eos(..) => break,
|
||||||
|
_ => (),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pipeline
|
||||||
|
.set_state(gst::State::Null)
|
||||||
|
.expect("Unable to set the pipeline to the `Playing` state");
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
144
gst-plugin-sodium/examples/encrypt_example.rs
Normal file
144
gst-plugin-sodium/examples/encrypt_example.rs
Normal file
|
@ -0,0 +1,144 @@
|
||||||
|
// encrypt_example.rs
|
||||||
|
//
|
||||||
|
// Copyright 2019 Jordan Petridis <jordan@centricular.com>
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
// of this software and associated documentation files (the "Software"), to
|
||||||
|
// deal in the Software without restriction, including without limitation the
|
||||||
|
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||||
|
// sell copies of the Software, and to permit persons to whom the Software is
|
||||||
|
// furnished to do so, subject to the following conditions:
|
||||||
|
//
|
||||||
|
// The above copyright notice and this permission notice shall be included in
|
||||||
|
// all copies or substantial portions of the Software.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||||
|
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||||
|
// IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
use glib::prelude::*;
|
||||||
|
use gst::prelude::*;
|
||||||
|
use sodiumoxide::crypto::box_;
|
||||||
|
|
||||||
|
use std::error::Error;
|
||||||
|
use std::fs::File;
|
||||||
|
use std::path::PathBuf;
|
||||||
|
|
||||||
|
use clap::{App, Arg};
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
use serde_json;
|
||||||
|
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
struct Keys {
|
||||||
|
public: box_::PublicKey,
|
||||||
|
private: box_::SecretKey,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Keys {
|
||||||
|
fn from_file(file: &PathBuf) -> Result<Self, Box<dyn Error>> {
|
||||||
|
let f = File::open(&file)?;
|
||||||
|
serde_json::from_reader(f).map_err(From::from)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn main() -> Result<(), Box<dyn Error>> {
|
||||||
|
let matches = App::new("Encrypt a file with in the gstsodium10 format")
|
||||||
|
.version("1.0")
|
||||||
|
.author("Jordan Petridis <jordan@centricular.com>")
|
||||||
|
.arg(
|
||||||
|
Arg::with_name("input")
|
||||||
|
.short("i")
|
||||||
|
.long("input")
|
||||||
|
.value_name("FILE")
|
||||||
|
.help("File to encrypt")
|
||||||
|
.required(true)
|
||||||
|
.takes_value(true),
|
||||||
|
)
|
||||||
|
.arg(
|
||||||
|
Arg::with_name("output")
|
||||||
|
.short("o")
|
||||||
|
.long("output")
|
||||||
|
.value_name("FILE")
|
||||||
|
.help("File to decrypt")
|
||||||
|
.required(true)
|
||||||
|
.takes_value(true),
|
||||||
|
)
|
||||||
|
.get_matches();
|
||||||
|
|
||||||
|
gst::init()?;
|
||||||
|
|
||||||
|
let input_loc = matches.value_of("input").unwrap();
|
||||||
|
let out_loc = matches.value_of("output").unwrap();
|
||||||
|
|
||||||
|
let receiver_keys = {
|
||||||
|
let mut r = PathBuf::new();
|
||||||
|
r.push(env!("CARGO_MANIFEST_DIR"));
|
||||||
|
r.push("examples");
|
||||||
|
r.push("receiver_sample");
|
||||||
|
r.set_extension("json");
|
||||||
|
r
|
||||||
|
};
|
||||||
|
|
||||||
|
let sender_keys = {
|
||||||
|
let mut s = PathBuf::new();
|
||||||
|
s.push(env!("CARGO_MANIFEST_DIR"));
|
||||||
|
s.push("examples");
|
||||||
|
s.push("sender_sample");
|
||||||
|
s.set_extension("json");
|
||||||
|
s
|
||||||
|
};
|
||||||
|
|
||||||
|
let receiver = &Keys::from_file(&receiver_keys)?;
|
||||||
|
let sender = &Keys::from_file(&sender_keys)?;
|
||||||
|
|
||||||
|
let filesrc = gst::ElementFactory::make("filesrc", None).unwrap();
|
||||||
|
let encrypter = gst::ElementFactory::make("rssodiumencrypter", None).unwrap();
|
||||||
|
let filesink = gst::ElementFactory::make("filesink", None).unwrap();
|
||||||
|
|
||||||
|
filesrc
|
||||||
|
.set_property("location", &input_loc)
|
||||||
|
.expect("Failed to set location property");
|
||||||
|
filesink
|
||||||
|
.set_property("location", &out_loc)
|
||||||
|
.expect("Failed to set location property");
|
||||||
|
|
||||||
|
encrypter.set_property("receiver-key", &glib::Bytes::from_owned(receiver.public))?;
|
||||||
|
encrypter.set_property("sender-key", &glib::Bytes::from_owned(sender.private.0))?;
|
||||||
|
|
||||||
|
let pipeline = gst::Pipeline::new(Some("test-pipeline"));
|
||||||
|
pipeline
|
||||||
|
.add_many(&[&filesrc, &encrypter, &filesink])
|
||||||
|
.expect("failed to add elements to the pipeline");
|
||||||
|
gst::Element::link_many(&[&filesrc, &encrypter, &filesink])
|
||||||
|
.expect("failed to link the elements");
|
||||||
|
|
||||||
|
pipeline.set_state(gst::State::Playing)?;
|
||||||
|
|
||||||
|
let bus = pipeline.get_bus().unwrap();
|
||||||
|
for msg in bus.iter_timed(gst::CLOCK_TIME_NONE) {
|
||||||
|
use gst::MessageView;
|
||||||
|
match msg.view() {
|
||||||
|
MessageView::Error(err) => {
|
||||||
|
eprintln!(
|
||||||
|
"Error received from element {:?}: {}",
|
||||||
|
err.get_src().map(|s| s.get_path_string()),
|
||||||
|
err.get_error()
|
||||||
|
);
|
||||||
|
eprintln!("Debugging information: {:?}", err.get_debug());
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
MessageView::Eos(..) => break,
|
||||||
|
_ => (),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pipeline.set_state(gst::State::Null)?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
101
gst-plugin-sodium/examples/generate_keys.rs
Normal file
101
gst-plugin-sodium/examples/generate_keys.rs
Normal file
|
@ -0,0 +1,101 @@
|
||||||
|
// generate_keys.rs
|
||||||
|
//
|
||||||
|
// Copyright 2019 Jordan Petridis <jordan@centricular.com>
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
// of this software and associated documentation files (the "Software"), to
|
||||||
|
// deal in the Software without restriction, including without limitation the
|
||||||
|
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||||
|
// sell copies of the Software, and to permit persons to whom the Software is
|
||||||
|
// furnished to do so, subject to the following conditions:
|
||||||
|
//
|
||||||
|
// The above copyright notice and this permission notice shall be included in
|
||||||
|
// all copies or substantial portions of the Software.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||||
|
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||||
|
// IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
use clap::{App, Arg};
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
use serde_json;
|
||||||
|
use sodiumoxide::crypto::box_;
|
||||||
|
use std::fs::File;
|
||||||
|
|
||||||
|
#[derive(Debug, Serialize, Deserialize)]
|
||||||
|
struct Keys {
|
||||||
|
public: box_::PublicKey,
|
||||||
|
private: box_::SecretKey,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Keys {
|
||||||
|
fn new() -> Self {
|
||||||
|
let (public, private) = box_::gen_keypair();
|
||||||
|
Keys { public, private }
|
||||||
|
}
|
||||||
|
|
||||||
|
fn write_to_file(&self, path: &str, json: bool) {
|
||||||
|
if json {
|
||||||
|
let path = if !path.ends_with(".json") {
|
||||||
|
format!("{}.json", path)
|
||||||
|
} else {
|
||||||
|
path.into()
|
||||||
|
};
|
||||||
|
|
||||||
|
let file = File::create(&path).expect(&format!("Failed to create file at {}", path));
|
||||||
|
serde_json::to_writer(file, &self)
|
||||||
|
.expect(&format!("Failed to write to file at {}", path));
|
||||||
|
} else {
|
||||||
|
use std::io::Write;
|
||||||
|
use std::path::PathBuf;
|
||||||
|
|
||||||
|
let mut private = PathBuf::from(path);
|
||||||
|
private.set_extension("prv");
|
||||||
|
let mut file = File::create(&private)
|
||||||
|
.expect(&format!("Failed to create file at {}", private.display()));
|
||||||
|
file.write_all(&self.private.0)
|
||||||
|
.expect(&format!("Failed to write to file at {}", private.display()));
|
||||||
|
|
||||||
|
let mut public = PathBuf::from(path);
|
||||||
|
public.set_extension("pub");
|
||||||
|
let mut file = File::create(&public)
|
||||||
|
.expect(&format!("Failed to create file at {}", public.display()));
|
||||||
|
file.write_all(self.public.as_ref())
|
||||||
|
.expect(&format!("Failed to write to file at {}", public.display()));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn main() {
|
||||||
|
let matches = App::new("Generate the keys to be used with the sodium element")
|
||||||
|
.version("1.0")
|
||||||
|
.author("Jordan Petridis <jordan@centricular.com>")
|
||||||
|
.about("Generate a pair of Sodium's crypto_box_curve25519xsalsa20poly1305 keys.")
|
||||||
|
.arg(
|
||||||
|
Arg::with_name("path")
|
||||||
|
.long("path")
|
||||||
|
.short("p")
|
||||||
|
.value_name("FILE")
|
||||||
|
.help("Path to write the Keys")
|
||||||
|
.required(true)
|
||||||
|
.takes_value(true),
|
||||||
|
)
|
||||||
|
.arg(
|
||||||
|
Arg::with_name("json")
|
||||||
|
.long("json")
|
||||||
|
.short("j")
|
||||||
|
.help("Write a JSON file instead of a key.prv/key.pub pair"),
|
||||||
|
)
|
||||||
|
.get_matches();
|
||||||
|
|
||||||
|
let keys = Keys::new();
|
||||||
|
|
||||||
|
let path = matches.value_of("path").unwrap();
|
||||||
|
keys.write_to_file(path, matches.is_present("json"));
|
||||||
|
}
|
2
gst-plugin-sodium/examples/receiver_sample.json
Normal file
2
gst-plugin-sodium/examples/receiver_sample.json
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
|
||||||
|
{"public":[28,95,33,124,28,103,80,78,7,28,234,40,226,179,253,166,169,64,78,5,57,92,151,179,221,89,68,70,44,225,219,19],"private":[54,221,217,54,94,235,167,2,187,249,71,31,59,27,19,166,78,236,102,48,29,142,41,189,22,146,218,69,147,165,240,235]}
|
1
gst-plugin-sodium/examples/sender_sample.json
Normal file
1
gst-plugin-sodium/examples/sender_sample.json
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{"public":[66,248,199,74,216,55,228,116,52,17,147,56,65,130,134,148,157,153,235,171,179,147,120,71,100,243,133,120,160,14,111,65],"private":[154,227,90,239,206,184,202,234,176,161,14,91,218,98,142,13,145,223,210,222,224,240,98,51,142,165,255,1,159,100,242,162]}
|
695
gst-plugin-sodium/src/decrypter.rs
Normal file
695
gst-plugin-sodium/src/decrypter.rs
Normal file
|
@ -0,0 +1,695 @@
|
||||||
|
// decrypter.rs
|
||||||
|
//
|
||||||
|
// Copyright 2019 Jordan Petridis <jordan@centricular.com>
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
// of this software and associated documentation files (the "Software"), to
|
||||||
|
// deal in the Software without restriction, including without limitation the
|
||||||
|
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||||
|
// sell copies of the Software, and to permit persons to whom the Software is
|
||||||
|
// furnished to do so, subject to the following conditions:
|
||||||
|
//
|
||||||
|
// The above copyright notice and this permission notice shall be included in
|
||||||
|
// all copies or substantial portions of the Software.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||||
|
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||||
|
// IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
use glib::prelude::*;
|
||||||
|
use glib::subclass;
|
||||||
|
use glib::subclass::prelude::*;
|
||||||
|
use gst::prelude::*;
|
||||||
|
use gst::subclass::prelude::*;
|
||||||
|
use sodiumoxide::crypto::box_;
|
||||||
|
|
||||||
|
use std::sync::Mutex;
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
static ref CAT: gst::DebugCategory = {
|
||||||
|
gst::DebugCategory::new(
|
||||||
|
"rssodiumdecrypter",
|
||||||
|
gst::DebugColorFlags::empty(),
|
||||||
|
"Decrypter Element",
|
||||||
|
)
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
static PROPERTIES: [subclass::Property; 2] = [
|
||||||
|
subclass::Property("receiver-key", |name| {
|
||||||
|
glib::ParamSpec::boxed(
|
||||||
|
name,
|
||||||
|
"Receiver Key",
|
||||||
|
"The private key of the Reeiver",
|
||||||
|
glib::Bytes::static_type(),
|
||||||
|
glib::ParamFlags::READWRITE,
|
||||||
|
)
|
||||||
|
}),
|
||||||
|
subclass::Property("sender-key", |name| {
|
||||||
|
glib::ParamSpec::boxed(
|
||||||
|
name,
|
||||||
|
"Sender Key",
|
||||||
|
"The public key of the Sender",
|
||||||
|
glib::Bytes::static_type(),
|
||||||
|
glib::ParamFlags::WRITABLE,
|
||||||
|
)
|
||||||
|
}),
|
||||||
|
];
|
||||||
|
|
||||||
|
#[derive(Debug, Clone, Default)]
|
||||||
|
struct Props {
|
||||||
|
receiver_key: Option<glib::Bytes>,
|
||||||
|
sender_key: Option<glib::Bytes>,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
struct State {
|
||||||
|
adapter: gst_base::UniqueAdapter,
|
||||||
|
initial_nonce: Option<box_::Nonce>,
|
||||||
|
precomputed_key: box_::PrecomputedKey,
|
||||||
|
block_size: Option<u32>,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl State {
|
||||||
|
fn from_props(props: &Props) -> Result<Self, gst::ErrorMessage> {
|
||||||
|
let sender_key = props
|
||||||
|
.sender_key
|
||||||
|
.as_ref()
|
||||||
|
.and_then(|k| box_::PublicKey::from_slice(&k))
|
||||||
|
.ok_or_else(|| {
|
||||||
|
gst_error_msg!(
|
||||||
|
gst::ResourceError::NotFound,
|
||||||
|
[format!(
|
||||||
|
"Failed to set Sender's Key from property: {:?}",
|
||||||
|
props.sender_key
|
||||||
|
)
|
||||||
|
.as_ref()]
|
||||||
|
)
|
||||||
|
})?;
|
||||||
|
|
||||||
|
let receiver_key = props
|
||||||
|
.receiver_key
|
||||||
|
.as_ref()
|
||||||
|
.and_then(|k| box_::SecretKey::from_slice(&k))
|
||||||
|
.ok_or_else(|| {
|
||||||
|
gst_error_msg!(
|
||||||
|
gst::ResourceError::NotFound,
|
||||||
|
[format!(
|
||||||
|
"Failed to set Receiver's Key from property: {:?}",
|
||||||
|
props.receiver_key
|
||||||
|
)
|
||||||
|
.as_ref()]
|
||||||
|
)
|
||||||
|
})?;
|
||||||
|
|
||||||
|
let precomputed_key = box_::precompute(&sender_key, &receiver_key);
|
||||||
|
|
||||||
|
Ok(Self {
|
||||||
|
adapter: gst_base::UniqueAdapter::new(),
|
||||||
|
precomputed_key,
|
||||||
|
initial_nonce: None,
|
||||||
|
block_size: None,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// Split the buffer into N(`chunk_index`) chunks of `block_size`,
|
||||||
|
// decrypt them, and push them to the internal adapter for further
|
||||||
|
// retreval
|
||||||
|
fn decrypt_into_adapter(
|
||||||
|
&mut self,
|
||||||
|
element: &gst::Element,
|
||||||
|
pad: &gst::Pad,
|
||||||
|
buffer: &gst::Buffer,
|
||||||
|
chunk_index: u64,
|
||||||
|
) -> Result<gst::FlowSuccess, gst::FlowError> {
|
||||||
|
let map = buffer.map_readable().ok_or_else(|| {
|
||||||
|
gst_element_error!(
|
||||||
|
element,
|
||||||
|
gst::StreamError::Format,
|
||||||
|
["Failed to map buffer readable"]
|
||||||
|
);
|
||||||
|
|
||||||
|
gst::FlowError::Error
|
||||||
|
})?;
|
||||||
|
|
||||||
|
gst_debug!(CAT, obj: pad, "Returned pull size: {}", map.len());
|
||||||
|
|
||||||
|
let mut nonce = add_nonce(self.initial_nonce.clone().unwrap(), chunk_index);
|
||||||
|
let block_size = self.block_size.expect("Block size wasn't set") as usize + box_::MACBYTES;
|
||||||
|
|
||||||
|
for subbuffer in map.chunks(block_size) {
|
||||||
|
let plain = box_::open_precomputed(&subbuffer, &nonce, &self.precomputed_key).map_err(
|
||||||
|
|_| {
|
||||||
|
gst_element_error!(
|
||||||
|
element,
|
||||||
|
gst::StreamError::Format,
|
||||||
|
["Failed to decrypt buffer"]
|
||||||
|
);
|
||||||
|
gst::FlowError::Error
|
||||||
|
},
|
||||||
|
)?;
|
||||||
|
// assumes little endian
|
||||||
|
nonce.increment_le_inplace();
|
||||||
|
self.adapter.push(gst::Buffer::from_mut_slice(plain));
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(gst::FlowSuccess::Ok)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Retrieve the requested buffer out of the adapter.
|
||||||
|
fn get_requested_buffer(
|
||||||
|
&mut self,
|
||||||
|
pad: &gst::Pad,
|
||||||
|
requested_size: u32,
|
||||||
|
adapter_offset: usize,
|
||||||
|
) -> Result<gst::Buffer, gst::FlowError> {
|
||||||
|
let avail = self.adapter.available();
|
||||||
|
gst_debug!(CAT, obj: pad, "Avail: {}", avail);
|
||||||
|
gst_debug!(CAT, obj: pad, "Adapter offset: {}", adapter_offset);
|
||||||
|
|
||||||
|
// if this underflows, the available buffer in the adapter is smaller than the
|
||||||
|
// requested offset, which means we have reached EOS
|
||||||
|
let available_buffer = avail
|
||||||
|
.checked_sub(adapter_offset)
|
||||||
|
.ok_or(gst::FlowError::Eos)?;
|
||||||
|
|
||||||
|
// if the available buffer size is smaller than the requested, its a short
|
||||||
|
// read and return that. Else return the requested size
|
||||||
|
let available_size = if available_buffer <= requested_size as usize {
|
||||||
|
available_buffer
|
||||||
|
} else {
|
||||||
|
requested_size as usize
|
||||||
|
};
|
||||||
|
|
||||||
|
if available_size == 0 {
|
||||||
|
self.adapter.clear();
|
||||||
|
|
||||||
|
// if the requested buffer was 0 sized, retunr an
|
||||||
|
// empty buffer
|
||||||
|
if requested_size == 0 {
|
||||||
|
return Ok(gst::Buffer::new());
|
||||||
|
}
|
||||||
|
|
||||||
|
return Err(gst::FlowError::Eos);
|
||||||
|
}
|
||||||
|
|
||||||
|
// discard what we don't need
|
||||||
|
assert!(self.adapter.available() >= adapter_offset);
|
||||||
|
self.adapter.flush(adapter_offset);
|
||||||
|
|
||||||
|
assert!(self.adapter.available() >= available_size);
|
||||||
|
let buffer = self
|
||||||
|
.adapter
|
||||||
|
.take_buffer(available_size)
|
||||||
|
.expect("Failed to get buffer from adapter");
|
||||||
|
|
||||||
|
// Cleanup the adapter
|
||||||
|
self.adapter.clear();
|
||||||
|
|
||||||
|
Ok(buffer)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Calculate the nonce of a block based on the initial nonce
|
||||||
|
/// and the block index in the stream.
|
||||||
|
///
|
||||||
|
/// This is a faster way of doing `(0..chunk_index).for_each(|_| nonce.increment_le_inplace());`
|
||||||
|
fn add_nonce(initial_nonce: box_::Nonce, chunk_index: u64) -> box_::Nonce {
|
||||||
|
let mut nonce = initial_nonce.0;
|
||||||
|
// convert our index to a bytes array
|
||||||
|
// add padding so our 8byte array of the chunk_index will have an
|
||||||
|
// equal length with the nonce, padding at the end cause little endian
|
||||||
|
let idx = chunk_index.to_le_bytes();
|
||||||
|
let idx = &[
|
||||||
|
idx[0], idx[1], idx[2], idx[3], 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||||
|
];
|
||||||
|
assert_eq!(idx.len(), box_::NONCEBYTES);
|
||||||
|
|
||||||
|
// add the chunk index to the nonce
|
||||||
|
sodiumoxide::utils::add_le(&mut nonce, idx).expect("Failed to calculate the nonce");
|
||||||
|
|
||||||
|
// construct back a nonce from our custom array
|
||||||
|
box_::Nonce::from_slice(&nonce).expect("Failed to convert slice back to Nonce")
|
||||||
|
}
|
||||||
|
|
||||||
|
struct Decrypter {
|
||||||
|
srcpad: gst::Pad,
|
||||||
|
sinkpad: gst::Pad,
|
||||||
|
props: Mutex<Props>,
|
||||||
|
state: Mutex<Option<State>>,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Decrypter {
|
||||||
|
fn set_pad_functions(_sinkpad: &gst::Pad, srcpad: &gst::Pad) {
|
||||||
|
srcpad.set_getrange_function(|pad, parent, offset, size| {
|
||||||
|
Decrypter::catch_panic_pad_function(
|
||||||
|
parent,
|
||||||
|
|| Err(gst::FlowError::Error),
|
||||||
|
|decrypter, element| decrypter.get_range(pad, element, offset, size),
|
||||||
|
)
|
||||||
|
});
|
||||||
|
|
||||||
|
srcpad.set_activatemode_function(|pad, parent, mode, active| {
|
||||||
|
Decrypter::catch_panic_pad_function(
|
||||||
|
parent,
|
||||||
|
|| {
|
||||||
|
Err(gst_loggable_error!(
|
||||||
|
CAT,
|
||||||
|
"Panic activating srcpad with mode"
|
||||||
|
))
|
||||||
|
},
|
||||||
|
|decrypter, element| {
|
||||||
|
decrypter.src_activatemode_function(pad, element, mode, active)
|
||||||
|
},
|
||||||
|
)
|
||||||
|
});
|
||||||
|
|
||||||
|
srcpad.set_query_function(|pad, parent, query| {
|
||||||
|
Decrypter::catch_panic_pad_function(
|
||||||
|
parent,
|
||||||
|
|| false,
|
||||||
|
|decrypter, element| decrypter.src_query(pad, element, query),
|
||||||
|
)
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
fn src_activatemode_function(
|
||||||
|
&self,
|
||||||
|
_pad: &gst::Pad,
|
||||||
|
element: &gst::Element,
|
||||||
|
mode: gst::PadMode,
|
||||||
|
active: bool,
|
||||||
|
) -> Result<(), gst::LoggableError> {
|
||||||
|
match mode {
|
||||||
|
gst::PadMode::Pull => {
|
||||||
|
self.sinkpad
|
||||||
|
.activate_mode(mode, active)
|
||||||
|
.map_err(gst::LoggableError::from)?;
|
||||||
|
|
||||||
|
// Set the nonce and block size from the headers
|
||||||
|
// right after we activate the pad
|
||||||
|
self.check_headers(element)
|
||||||
|
}
|
||||||
|
gst::PadMode::Push => Err(gst_loggable_error!(CAT, "Push mode not supported")),
|
||||||
|
_ => Err(gst_loggable_error!(
|
||||||
|
CAT,
|
||||||
|
"Failed to activate the pad in Unknown mode, {:?}",
|
||||||
|
mode
|
||||||
|
)),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn src_query(&self, pad: &gst::Pad, element: &gst::Element, query: &mut gst::QueryRef) -> bool {
|
||||||
|
use gst::QueryView;
|
||||||
|
|
||||||
|
gst_log!(CAT, obj: pad, "Handling query {:?}", query);
|
||||||
|
|
||||||
|
match query.view_mut() {
|
||||||
|
QueryView::Scheduling(mut q) => {
|
||||||
|
let mut peer_query = gst::Query::new_scheduling();
|
||||||
|
let res = self.sinkpad.peer_query(&mut peer_query);
|
||||||
|
if !res {
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
|
gst_log!(CAT, obj: pad, "Upstream returned {:?}", peer_query);
|
||||||
|
|
||||||
|
let (flags, min, max, align) = peer_query.get_result();
|
||||||
|
q.set(flags, min, max, align);
|
||||||
|
q.add_scheduling_modes(&[gst::PadMode::Pull]);
|
||||||
|
gst_log!(CAT, obj: pad, "Returning {:?}", q.get_mut_query());
|
||||||
|
true
|
||||||
|
}
|
||||||
|
QueryView::Duration(ref mut q) => {
|
||||||
|
if q.get_format() != gst::Format::Bytes {
|
||||||
|
return pad.query_default(element, query);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* First let's query the bytes duration upstream */
|
||||||
|
let mut peer_query = gst::query::Query::new_duration(gst::Format::Bytes);
|
||||||
|
|
||||||
|
if !self.sinkpad.peer_query(&mut peer_query) {
|
||||||
|
gst_error!(CAT, "Failed to query upstream duration");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
let size = match peer_query.get_result().try_into_bytes().unwrap() {
|
||||||
|
gst::format::Bytes(Some(size)) => size,
|
||||||
|
gst::format::Bytes(None) => {
|
||||||
|
gst_error!(CAT, "Failed to query upstream duration");
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
let state = self.state.lock().unwrap();
|
||||||
|
let state = match state.as_ref() {
|
||||||
|
// If state isn't set, it means that the
|
||||||
|
// element hasn't been activated yet.
|
||||||
|
None => return false,
|
||||||
|
Some(s) => s,
|
||||||
|
};
|
||||||
|
|
||||||
|
// subtract static offsets
|
||||||
|
let size = size - super::HEADERS_SIZE as u64;
|
||||||
|
|
||||||
|
// calculate the number of chunks that exist in the stream
|
||||||
|
let total_chunks =
|
||||||
|
(size - 1) / state.block_size.expect("Block size wasn't set") as u64;
|
||||||
|
// subtrack the MAC of each block
|
||||||
|
let size = size - total_chunks * box_::MACBYTES as u64;
|
||||||
|
|
||||||
|
gst_debug!(CAT, obj: pad, "Setting duration bytes: {}", size);
|
||||||
|
q.set(gst::format::Bytes::from(size));
|
||||||
|
|
||||||
|
true
|
||||||
|
}
|
||||||
|
_ => pad.query_default(element, query),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn check_headers(&self, element: &gst::Element) -> Result<(), gst::LoggableError> {
|
||||||
|
let is_none = {
|
||||||
|
let mutex_state = self.state.lock().unwrap();
|
||||||
|
let state = mutex_state.as_ref().unwrap();
|
||||||
|
state.initial_nonce.is_none()
|
||||||
|
};
|
||||||
|
|
||||||
|
if !is_none {
|
||||||
|
return Ok(());
|
||||||
|
}
|
||||||
|
|
||||||
|
let buffer = self
|
||||||
|
.sinkpad
|
||||||
|
.pull_range(0, crate::HEADERS_SIZE as u32)
|
||||||
|
.map_err(|err| {
|
||||||
|
let err = gst_loggable_error!(
|
||||||
|
CAT,
|
||||||
|
"Failed to pull nonce from the stream, reason: {:?}",
|
||||||
|
err
|
||||||
|
);
|
||||||
|
err.log_with_object(element);
|
||||||
|
err
|
||||||
|
})?;
|
||||||
|
|
||||||
|
if buffer.get_size() != crate::HEADERS_SIZE {
|
||||||
|
let err = gst_loggable_error!(CAT, "Headers buffer has wrong size");
|
||||||
|
err.log_with_object(element);
|
||||||
|
return Err(err);
|
||||||
|
}
|
||||||
|
|
||||||
|
let map = buffer.map_readable().ok_or_else(|| {
|
||||||
|
let err = gst_loggable_error!(CAT, "Failed to map buffer readable");
|
||||||
|
err.log_with_object(element);
|
||||||
|
err
|
||||||
|
})?;
|
||||||
|
|
||||||
|
let sodium_header_slice = &map[..crate::TYPEFIND_HEADER_SIZE];
|
||||||
|
if sodium_header_slice != crate::TYPEFIND_HEADER {
|
||||||
|
let err = gst_loggable_error!(CAT, "Buffer has wrong tyfefind header");
|
||||||
|
err.log_with_object(element);
|
||||||
|
return Err(err);
|
||||||
|
}
|
||||||
|
|
||||||
|
let nonce_slice =
|
||||||
|
&map[crate::TYPEFIND_HEADER_SIZE..crate::TYPEFIND_HEADER_SIZE + box_::NONCEBYTES];
|
||||||
|
assert_eq!(nonce_slice.len(), box_::NONCEBYTES);
|
||||||
|
let nonce = box_::Nonce::from_slice(nonce_slice).ok_or_else(|| {
|
||||||
|
let err = gst_loggable_error!(CAT, "Failed to create nonce from buffer");
|
||||||
|
err.log_with_object(&self.srcpad);
|
||||||
|
err
|
||||||
|
})?;
|
||||||
|
|
||||||
|
let slice = &map[crate::TYPEFIND_HEADER_SIZE + box_::NONCEBYTES..crate::HEADERS_SIZE];
|
||||||
|
assert_eq!(
|
||||||
|
crate::HEADERS_SIZE - crate::TYPEFIND_HEADER_SIZE - box_::NONCEBYTES,
|
||||||
|
4
|
||||||
|
);
|
||||||
|
let block_size = u32::from_le_bytes([slice[0], slice[1], slice[2], slice[3]]);
|
||||||
|
|
||||||
|
// reacquire the lock again to change the state
|
||||||
|
let mut state = self.state.lock().unwrap();
|
||||||
|
let state = state.as_mut().unwrap();
|
||||||
|
|
||||||
|
state.initial_nonce = Some(nonce);
|
||||||
|
gst_debug!(CAT, obj: element, "Setting nonce to: {:?}", nonce.0);
|
||||||
|
state.block_size = Some(block_size);
|
||||||
|
gst_debug!(CAT, obj: element, "Setting block size to: {}", block_size);
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn pull_requested_buffer(
|
||||||
|
&self,
|
||||||
|
pad: &gst::Pad,
|
||||||
|
element: &gst::Element,
|
||||||
|
requested_size: u32,
|
||||||
|
block_size: u32,
|
||||||
|
chunk_index: u64,
|
||||||
|
) -> Result<gst::Buffer, gst::FlowError> {
|
||||||
|
let pull_offset = super::HEADERS_SIZE as u64
|
||||||
|
+ (chunk_index * block_size as u64)
|
||||||
|
+ (chunk_index * box_::MACBYTES as u64);
|
||||||
|
|
||||||
|
gst_debug!(CAT, obj: pad, "Pull offset: {}", pull_offset);
|
||||||
|
gst_debug!(CAT, obj: pad, "block size: {}", block_size);
|
||||||
|
|
||||||
|
// calculate how many chunks are needed, if we need something like 3.2
|
||||||
|
// round the number to 4 and cut the buffer afterwards.
|
||||||
|
let checked = requested_size.checked_add(block_size).ok_or_else(|| {
|
||||||
|
gst_element_error!(
|
||||||
|
element,
|
||||||
|
gst::LibraryError::Failed,
|
||||||
|
[
|
||||||
|
"Addition overflow when adding requested pull size and block size: {} + {}",
|
||||||
|
requested_size,
|
||||||
|
block_size,
|
||||||
|
]
|
||||||
|
);
|
||||||
|
gst::FlowError::Error
|
||||||
|
})?;
|
||||||
|
|
||||||
|
// Read at least one chunk in case 0 bytes were requested
|
||||||
|
let total_chunks = u32::max((checked - 1) / block_size, 1);
|
||||||
|
gst_debug!(CAT, obj: pad, "Blocks to be pulled: {}", total_chunks);
|
||||||
|
|
||||||
|
// Pull a buffer of all the chunks we will need
|
||||||
|
let checked_size = total_chunks.checked_mul(block_size).ok_or_else(|| {
|
||||||
|
gst_element_error!(
|
||||||
|
element,
|
||||||
|
gst::LibraryError::Failed,
|
||||||
|
[
|
||||||
|
"Overflowed trying to calculate the buffer size to pull: {} * {}",
|
||||||
|
total_chunks,
|
||||||
|
block_size,
|
||||||
|
]
|
||||||
|
);
|
||||||
|
gst::FlowError::Error
|
||||||
|
})?;
|
||||||
|
|
||||||
|
let total_size = checked_size + (total_chunks * box_::MACBYTES as u32);
|
||||||
|
gst_debug!(CAT, obj: pad, "Requested pull size: {}", total_size);
|
||||||
|
|
||||||
|
self.sinkpad.pull_range(pull_offset, total_size).map_err(|err| {
|
||||||
|
match err {
|
||||||
|
gst::FlowError::Flushing => {
|
||||||
|
gst_debug!(CAT, obj: &self.sinkpad, "Pausing after pulling buffer, reason: flushing");
|
||||||
|
}
|
||||||
|
gst::FlowError::Eos => {
|
||||||
|
gst_debug!(CAT, obj: &self.sinkpad, "Eos");
|
||||||
|
}
|
||||||
|
flow => {
|
||||||
|
gst_error!(CAT, obj: &self.sinkpad, "Failed to pull, reason: {:?}", flow);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
err
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
fn get_range(
|
||||||
|
&self,
|
||||||
|
pad: &gst::Pad,
|
||||||
|
element: &gst::Element,
|
||||||
|
offset: u64,
|
||||||
|
requested_size: u32,
|
||||||
|
) -> Result<gst::Buffer, gst::FlowError> {
|
||||||
|
let block_size = {
|
||||||
|
let mut mutex_state = self.state.lock().unwrap();
|
||||||
|
// This will only be run after READY state,
|
||||||
|
// and will be guaranted to be initialized
|
||||||
|
let state = mutex_state.as_mut().unwrap();
|
||||||
|
// Cleanup the adapter
|
||||||
|
state.adapter.clear();
|
||||||
|
state.block_size.expect("Block size wasn't set")
|
||||||
|
};
|
||||||
|
|
||||||
|
gst_debug!(CAT, obj: pad, "Requested offset: {}", offset);
|
||||||
|
gst_debug!(CAT, obj: pad, "Requested size: {}", requested_size);
|
||||||
|
|
||||||
|
let chunk_index = offset as u64 / block_size as u64;
|
||||||
|
gst_debug!(CAT, obj: pad, "Stream Block index: {}", chunk_index);
|
||||||
|
|
||||||
|
let buffer =
|
||||||
|
self.pull_requested_buffer(pad, element, requested_size, block_size, chunk_index)?;
|
||||||
|
|
||||||
|
let mut state = self.state.lock().unwrap();
|
||||||
|
// This will only be run after READY state,
|
||||||
|
// and will be guaranted to be initialized
|
||||||
|
let state = state.as_mut().unwrap();
|
||||||
|
|
||||||
|
let adapter_offset = offset - (chunk_index * block_size as u64);
|
||||||
|
assert!(adapter_offset <= std::usize::MAX as u64);
|
||||||
|
let adapter_offset = adapter_offset as usize;
|
||||||
|
|
||||||
|
state.decrypt_into_adapter(element, &self.srcpad, &buffer, chunk_index)?;
|
||||||
|
state.get_requested_buffer(&self.srcpad, requested_size, adapter_offset)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl ObjectSubclass for Decrypter {
|
||||||
|
const NAME: &'static str = "RsSodiumDecryptor";
|
||||||
|
type ParentType = gst::Element;
|
||||||
|
type Instance = gst::subclass::ElementInstanceStruct<Self>;
|
||||||
|
type Class = subclass::simple::ClassStruct<Self>;
|
||||||
|
|
||||||
|
glib_object_subclass!();
|
||||||
|
|
||||||
|
fn new_with_class(klass: &subclass::simple::ClassStruct<Self>) -> Self {
|
||||||
|
let templ = klass.get_pad_template("sink").unwrap();
|
||||||
|
let sinkpad = gst::Pad::new_from_template(&templ, Some("sink"));
|
||||||
|
let templ = klass.get_pad_template("src").unwrap();
|
||||||
|
let srcpad = gst::Pad::new_from_template(&templ, Some("src"));
|
||||||
|
|
||||||
|
Decrypter::set_pad_functions(&sinkpad, &srcpad);
|
||||||
|
let props = Mutex::new(Props::default());
|
||||||
|
let state = Mutex::new(None);
|
||||||
|
|
||||||
|
Self {
|
||||||
|
srcpad,
|
||||||
|
sinkpad,
|
||||||
|
props,
|
||||||
|
state,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn class_init(klass: &mut subclass::simple::ClassStruct<Self>) {
|
||||||
|
klass.set_metadata(
|
||||||
|
"Decrypter",
|
||||||
|
"Generic",
|
||||||
|
"libsodium-based file decrypter",
|
||||||
|
"Jordan Petridis <jordan@centricular.com>",
|
||||||
|
);
|
||||||
|
|
||||||
|
let src_pad_template = gst::PadTemplate::new(
|
||||||
|
"src",
|
||||||
|
gst::PadDirection::Src,
|
||||||
|
gst::PadPresence::Always,
|
||||||
|
&gst::Caps::new_any(),
|
||||||
|
)
|
||||||
|
.unwrap();
|
||||||
|
klass.add_pad_template(src_pad_template);
|
||||||
|
|
||||||
|
let sink_caps = gst::Caps::builder("application/x-sodium-encrypted").build();
|
||||||
|
let sink_pad_template = gst::PadTemplate::new(
|
||||||
|
"sink",
|
||||||
|
gst::PadDirection::Sink,
|
||||||
|
gst::PadPresence::Always,
|
||||||
|
&sink_caps,
|
||||||
|
)
|
||||||
|
.unwrap();
|
||||||
|
klass.add_pad_template(sink_pad_template);
|
||||||
|
klass.install_properties(&PROPERTIES);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl ObjectImpl for Decrypter {
|
||||||
|
glib_object_impl!();
|
||||||
|
|
||||||
|
fn constructed(&self, obj: &glib::Object) {
|
||||||
|
self.parent_constructed(obj);
|
||||||
|
|
||||||
|
let element = obj.downcast_ref::<gst::Element>().unwrap();
|
||||||
|
element.add_pad(&self.sinkpad).unwrap();
|
||||||
|
element.add_pad(&self.srcpad).unwrap();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_property(&self, _obj: &glib::Object, id: usize, value: &glib::Value) {
|
||||||
|
let prop = &PROPERTIES[id];
|
||||||
|
|
||||||
|
match *prop {
|
||||||
|
subclass::Property("sender-key", ..) => {
|
||||||
|
let mut props = self.props.lock().unwrap();
|
||||||
|
props.sender_key = value.get();
|
||||||
|
}
|
||||||
|
|
||||||
|
subclass::Property("receiver-key", ..) => {
|
||||||
|
let mut props = self.props.lock().unwrap();
|
||||||
|
props.receiver_key = value.get();
|
||||||
|
}
|
||||||
|
|
||||||
|
_ => unimplemented!(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn get_property(&self, _obj: &glib::Object, id: usize) -> Result<glib::Value, ()> {
|
||||||
|
let prop = &PROPERTIES[id];
|
||||||
|
|
||||||
|
match *prop {
|
||||||
|
subclass::Property("receiver-key", ..) => {
|
||||||
|
let props = self.props.lock().unwrap();
|
||||||
|
Ok(props.receiver_key.to_value())
|
||||||
|
}
|
||||||
|
|
||||||
|
_ => unimplemented!(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl ElementImpl for Decrypter {
|
||||||
|
fn change_state(
|
||||||
|
&self,
|
||||||
|
element: &gst::Element,
|
||||||
|
transition: gst::StateChange,
|
||||||
|
) -> Result<gst::StateChangeSuccess, gst::StateChangeError> {
|
||||||
|
gst_debug!(CAT, obj: element, "Changing state {:?}", transition);
|
||||||
|
|
||||||
|
match transition {
|
||||||
|
gst::StateChange::NullToReady => {
|
||||||
|
let props = self.props.lock().unwrap().clone();
|
||||||
|
|
||||||
|
// Create an internal state struct from the provided properties or
|
||||||
|
// refuse to change state
|
||||||
|
let state_ = State::from_props(&props).map_err(|err| {
|
||||||
|
element.post_error_message(&err);
|
||||||
|
gst::StateChangeError
|
||||||
|
})?;
|
||||||
|
|
||||||
|
let mut state = self.state.lock().unwrap();
|
||||||
|
*state = Some(state_);
|
||||||
|
}
|
||||||
|
gst::StateChange::ReadyToNull => {
|
||||||
|
let _ = self.state.lock().unwrap().take();
|
||||||
|
}
|
||||||
|
_ => (),
|
||||||
|
}
|
||||||
|
|
||||||
|
let success = self.parent_change_state(element, transition)?;
|
||||||
|
|
||||||
|
if transition == gst::StateChange::ReadyToNull {
|
||||||
|
let _ = self.state.lock().unwrap().take();
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(success)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn register(plugin: &gst::Plugin) -> Result<(), glib::BoolError> {
|
||||||
|
gst::Element::register(Some(plugin), "rssodiumdecrypter", 0, Decrypter::get_type())
|
||||||
|
}
|
567
gst-plugin-sodium/src/encrypter.rs
Normal file
567
gst-plugin-sodium/src/encrypter.rs
Normal file
|
@ -0,0 +1,567 @@
|
||||||
|
// encrypter.rs
|
||||||
|
//
|
||||||
|
// Copyright 2019 Jordan Petridis <jordan@centricular.com>
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
// of this software and associated documentation files (the "Software"), to
|
||||||
|
// deal in the Software without restriction, including without limitation the
|
||||||
|
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||||
|
// sell copies of the Software, and to permit persons to whom the Software is
|
||||||
|
// furnished to do so, subject to the following conditions:
|
||||||
|
//
|
||||||
|
// The above copyright notice and this permission notice shall be included in
|
||||||
|
// all copies or substantial portions of the Software.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||||
|
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||||
|
// IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
use glib::prelude::*;
|
||||||
|
use glib::subclass;
|
||||||
|
use glib::subclass::prelude::*;
|
||||||
|
use gst::prelude::*;
|
||||||
|
use gst::subclass::prelude::*;
|
||||||
|
use smallvec::SmallVec;
|
||||||
|
use sodiumoxide::crypto::box_;
|
||||||
|
|
||||||
|
type BufferVec = SmallVec<[gst::Buffer; 16]>;
|
||||||
|
|
||||||
|
use std::sync::Mutex;
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
static ref CAT: gst::DebugCategory = {
|
||||||
|
gst::DebugCategory::new(
|
||||||
|
"rssodiumencrypter",
|
||||||
|
gst::DebugColorFlags::empty(),
|
||||||
|
"Encrypter Element",
|
||||||
|
)
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
static PROPERTIES: [subclass::Property; 3] = [
|
||||||
|
subclass::Property("receiver-key", |name| {
|
||||||
|
glib::ParamSpec::boxed(
|
||||||
|
name,
|
||||||
|
"Receiver Key",
|
||||||
|
"The public key of the Receiver",
|
||||||
|
glib::Bytes::static_type(),
|
||||||
|
glib::ParamFlags::READWRITE,
|
||||||
|
)
|
||||||
|
}),
|
||||||
|
subclass::Property("sender-key", |name| {
|
||||||
|
glib::ParamSpec::boxed(
|
||||||
|
name,
|
||||||
|
"Sender Key",
|
||||||
|
"The private key of the Sender",
|
||||||
|
glib::Bytes::static_type(),
|
||||||
|
glib::ParamFlags::WRITABLE,
|
||||||
|
)
|
||||||
|
}),
|
||||||
|
subclass::Property("block-size", |name| {
|
||||||
|
glib::ParamSpec::uint(
|
||||||
|
name,
|
||||||
|
"Block Size",
|
||||||
|
"The block-size of the chunks",
|
||||||
|
1024,
|
||||||
|
std::u32::MAX,
|
||||||
|
32768,
|
||||||
|
glib::ParamFlags::READWRITE,
|
||||||
|
)
|
||||||
|
}),
|
||||||
|
];
|
||||||
|
|
||||||
|
#[derive(Debug, Clone)]
|
||||||
|
struct Props {
|
||||||
|
receiver_key: Option<glib::Bytes>,
|
||||||
|
sender_key: Option<glib::Bytes>,
|
||||||
|
block_size: u32,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Default for Props {
|
||||||
|
fn default() -> Self {
|
||||||
|
Props {
|
||||||
|
receiver_key: None,
|
||||||
|
sender_key: None,
|
||||||
|
block_size: 32768,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
struct State {
|
||||||
|
adapter: gst_base::UniqueAdapter,
|
||||||
|
nonce: box_::Nonce,
|
||||||
|
precomputed_key: box_::PrecomputedKey,
|
||||||
|
block_size: u32,
|
||||||
|
write_headers: bool,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl State {
|
||||||
|
fn from_props(props: &Props) -> Result<Self, gst::ErrorMessage> {
|
||||||
|
let sender_key = props
|
||||||
|
.sender_key
|
||||||
|
.as_ref()
|
||||||
|
.and_then(|k| box_::SecretKey::from_slice(&k))
|
||||||
|
.ok_or_else(|| {
|
||||||
|
gst_error_msg!(
|
||||||
|
gst::ResourceError::NotFound,
|
||||||
|
[format!(
|
||||||
|
"Failed to set Sender's Key from property: {:?}",
|
||||||
|
props.sender_key
|
||||||
|
)
|
||||||
|
.as_ref()]
|
||||||
|
)
|
||||||
|
})?;
|
||||||
|
|
||||||
|
let receiver_key = props
|
||||||
|
.receiver_key
|
||||||
|
.as_ref()
|
||||||
|
.and_then(|k| box_::PublicKey::from_slice(&k))
|
||||||
|
.ok_or_else(|| {
|
||||||
|
gst_error_msg!(
|
||||||
|
gst::ResourceError::NotFound,
|
||||||
|
[format!(
|
||||||
|
"Failed to set Receiver's Key from property: {:?}",
|
||||||
|
props.receiver_key
|
||||||
|
)
|
||||||
|
.as_ref()]
|
||||||
|
)
|
||||||
|
})?;
|
||||||
|
|
||||||
|
// This env variable is only meant to bypass nonce regeneration during
|
||||||
|
// tests to get determinisic results. It should never be used outside
|
||||||
|
// of testing environments.
|
||||||
|
let nonce = if let Ok(val) = std::env::var("GST_SODIUM_ENCRYPT_NONCE") {
|
||||||
|
let bytes = hex::decode(val).expect("Failed to decode hex variable");
|
||||||
|
assert_eq!(bytes.len(), box_::NONCEBYTES);
|
||||||
|
box_::Nonce::from_slice(&bytes).unwrap()
|
||||||
|
} else {
|
||||||
|
box_::gen_nonce()
|
||||||
|
};
|
||||||
|
|
||||||
|
let precomputed_key = box_::precompute(&receiver_key, &sender_key);
|
||||||
|
|
||||||
|
Ok(Self {
|
||||||
|
adapter: gst_base::UniqueAdapter::new(),
|
||||||
|
precomputed_key,
|
||||||
|
nonce,
|
||||||
|
block_size: props.block_size,
|
||||||
|
write_headers: true,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
fn seal(&mut self, message: &[u8]) -> Vec<u8> {
|
||||||
|
let ciphertext = box_::seal_precomputed(message, &self.nonce, &self.precomputed_key);
|
||||||
|
self.nonce.increment_le_inplace();
|
||||||
|
ciphertext
|
||||||
|
}
|
||||||
|
|
||||||
|
fn encrypt_message(&mut self, buffer: &gst::BufferRef) -> gst::Buffer {
|
||||||
|
let map = buffer
|
||||||
|
.map_readable()
|
||||||
|
.expect("Failed to map buffer readable");
|
||||||
|
|
||||||
|
let sealed = self.seal(&map);
|
||||||
|
gst::Buffer::from_mut_slice(sealed)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn encrypt_blocks(&mut self, block_size: usize) -> Result<BufferVec, gst::FlowError> {
|
||||||
|
assert_ne!(block_size, 0);
|
||||||
|
|
||||||
|
let mut buffers = BufferVec::new();
|
||||||
|
|
||||||
|
// As long we have enough bytes to encrypt a block, or more, we do so
|
||||||
|
// else the leftover bytes on the adapter will be pushed when EOS
|
||||||
|
// is sent.
|
||||||
|
while self.adapter.available() >= block_size {
|
||||||
|
let buffer = self.adapter.take_buffer(block_size).unwrap();
|
||||||
|
let out_buf = self.encrypt_message(&buffer);
|
||||||
|
|
||||||
|
buffers.push(out_buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(buffers)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
struct Encrypter {
|
||||||
|
srcpad: gst::Pad,
|
||||||
|
sinkpad: gst::Pad,
|
||||||
|
props: Mutex<Props>,
|
||||||
|
state: Mutex<Option<State>>,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Encrypter {
|
||||||
|
fn set_pad_functions(sinkpad: &gst::Pad, srcpad: &gst::Pad) {
|
||||||
|
sinkpad.set_chain_function(|pad, parent, buffer| {
|
||||||
|
Encrypter::catch_panic_pad_function(
|
||||||
|
parent,
|
||||||
|
|| Err(gst::FlowError::Error),
|
||||||
|
|encrypter, element| encrypter.sink_chain(pad, element, buffer),
|
||||||
|
)
|
||||||
|
});
|
||||||
|
sinkpad.set_event_function(|pad, parent, event| {
|
||||||
|
Encrypter::catch_panic_pad_function(
|
||||||
|
parent,
|
||||||
|
|| false,
|
||||||
|
|encrypter, element| encrypter.sink_event(pad, element, event),
|
||||||
|
)
|
||||||
|
});
|
||||||
|
|
||||||
|
srcpad.set_query_function(|pad, parent, query| {
|
||||||
|
Encrypter::catch_panic_pad_function(
|
||||||
|
parent,
|
||||||
|
|| false,
|
||||||
|
|encrypter, element| encrypter.src_query(pad, element, query),
|
||||||
|
)
|
||||||
|
});
|
||||||
|
srcpad.set_event_function(|pad, parent, event| {
|
||||||
|
Encrypter::catch_panic_pad_function(
|
||||||
|
parent,
|
||||||
|
|| false,
|
||||||
|
|encrypter, element| encrypter.src_event(pad, element, event),
|
||||||
|
)
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
fn sink_chain(
|
||||||
|
&self,
|
||||||
|
pad: &gst::Pad,
|
||||||
|
element: &gst::Element,
|
||||||
|
buffer: gst::Buffer,
|
||||||
|
) -> Result<gst::FlowSuccess, gst::FlowError> {
|
||||||
|
gst_log!(CAT, obj: pad, "Handling buffer {:?}", buffer);
|
||||||
|
|
||||||
|
let mut buffers = BufferVec::new();
|
||||||
|
let mut state_guard = self.state.lock().unwrap();
|
||||||
|
let state = state_guard.as_mut().unwrap();
|
||||||
|
|
||||||
|
if state.write_headers {
|
||||||
|
let mut headers = Vec::with_capacity(40);
|
||||||
|
headers.extend_from_slice(crate::TYPEFIND_HEADER);
|
||||||
|
// Write the Nonce used into the stream.
|
||||||
|
headers.extend_from_slice(state.nonce.as_ref());
|
||||||
|
// Write the block_size into the stream
|
||||||
|
headers.extend_from_slice(&state.block_size.to_le_bytes());
|
||||||
|
|
||||||
|
buffers.push(gst::Buffer::from_mut_slice(headers));
|
||||||
|
state.write_headers = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
state.adapter.push(buffer);
|
||||||
|
|
||||||
|
// Encrypt the whole blocks, if any, and push them.
|
||||||
|
buffers.extend(
|
||||||
|
state
|
||||||
|
.encrypt_blocks(state.block_size as usize)
|
||||||
|
.map_err(|err| {
|
||||||
|
// log the error to the bus
|
||||||
|
gst_element_error!(
|
||||||
|
element,
|
||||||
|
gst::ResourceError::Write,
|
||||||
|
["Failed to decrypt buffer"]
|
||||||
|
);
|
||||||
|
err
|
||||||
|
})?,
|
||||||
|
);
|
||||||
|
|
||||||
|
drop(state);
|
||||||
|
drop(state_guard);
|
||||||
|
|
||||||
|
for buffer in buffers {
|
||||||
|
self.srcpad.push(buffer).map_err(|err| {
|
||||||
|
gst_error!(CAT, obj: element, "Failed to push buffer {:?}", err);
|
||||||
|
err
|
||||||
|
})?;
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(gst::FlowSuccess::Ok)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn sink_event(&self, pad: &gst::Pad, element: &gst::Element, event: gst::Event) -> bool {
|
||||||
|
use gst::EventView;
|
||||||
|
|
||||||
|
gst_log!(CAT, obj: pad, "Handling event {:?}", event);
|
||||||
|
|
||||||
|
match event.view() {
|
||||||
|
EventView::Caps(_) => {
|
||||||
|
// We send our own caps downstream
|
||||||
|
let caps = gst::Caps::builder("application/x-sodium-encrypted").build();
|
||||||
|
self.srcpad.push_event(gst::Event::new_caps(&caps).build())
|
||||||
|
}
|
||||||
|
EventView::Eos(_) => {
|
||||||
|
let mut state_mutex = self.state.lock().unwrap();
|
||||||
|
let mut buffers = BufferVec::new();
|
||||||
|
// This will only be run after READY state,
|
||||||
|
// and will be guaranted to be initialized
|
||||||
|
let state = state_mutex.as_mut().unwrap();
|
||||||
|
|
||||||
|
// Now that all the full size blocks are pushed, drain the
|
||||||
|
// rest of the adapter and push whatever is left.
|
||||||
|
let avail = state.adapter.available();
|
||||||
|
// logic error, all the complete blocks that can be pushed
|
||||||
|
// should have been done in the sink_chain call.
|
||||||
|
assert!(avail < state.block_size as usize);
|
||||||
|
|
||||||
|
if avail > 0 {
|
||||||
|
match state.encrypt_blocks(avail) {
|
||||||
|
Err(_) => {
|
||||||
|
gst_element_error!(
|
||||||
|
element,
|
||||||
|
gst::ResourceError::Write,
|
||||||
|
["Failed to encrypt buffers at EOS"]
|
||||||
|
);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
Ok(b) => buffers.extend(b),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// drop the lock before pushing into the pad
|
||||||
|
drop(state);
|
||||||
|
drop(state_mutex);
|
||||||
|
|
||||||
|
for buffer in buffers {
|
||||||
|
if let Err(err) = self.srcpad.push(buffer) {
|
||||||
|
gst_error!(CAT, obj: element, "Failed to push buffer at EOS {:?}", err);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pad.event_default(element, event)
|
||||||
|
}
|
||||||
|
_ => pad.event_default(element, event),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn src_event(&self, pad: &gst::Pad, element: &gst::Element, event: gst::Event) -> bool {
|
||||||
|
use gst::EventView;
|
||||||
|
|
||||||
|
gst_log!(CAT, obj: pad, "Handling event {:?}", event);
|
||||||
|
|
||||||
|
match event.view() {
|
||||||
|
EventView::Seek(_) => false,
|
||||||
|
_ => pad.event_default(element, event),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn src_query(&self, pad: &gst::Pad, element: &gst::Element, query: &mut gst::QueryRef) -> bool {
|
||||||
|
use gst::QueryView;
|
||||||
|
|
||||||
|
gst_log!(CAT, obj: pad, "Handling query {:?}", query);
|
||||||
|
|
||||||
|
match query.view_mut() {
|
||||||
|
QueryView::Seeking(mut q) => {
|
||||||
|
let format = q.get_format();
|
||||||
|
q.set(
|
||||||
|
false,
|
||||||
|
gst::GenericFormattedValue::Other(format, -1),
|
||||||
|
gst::GenericFormattedValue::Other(format, -1),
|
||||||
|
);
|
||||||
|
gst_log!(CAT, obj: pad, "Returning {:?}", q.get_mut_query());
|
||||||
|
true
|
||||||
|
}
|
||||||
|
QueryView::Duration(ref mut q) => {
|
||||||
|
if q.get_format() != gst::Format::Bytes {
|
||||||
|
return pad.query_default(element, query);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* First let's query the bytes duration upstream */
|
||||||
|
let mut peer_query = gst::query::Query::new_duration(gst::Format::Bytes);
|
||||||
|
|
||||||
|
if !self.sinkpad.peer_query(&mut peer_query) {
|
||||||
|
gst_error!(CAT, "Failed to query upstream duration");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
let size = match peer_query.get_result().try_into_bytes().unwrap() {
|
||||||
|
gst::format::Bytes(Some(size)) => size,
|
||||||
|
gst::format::Bytes(None) => {
|
||||||
|
gst_error!(CAT, "Failed to query upstream duration");
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
let state = self.state.lock().unwrap();
|
||||||
|
let state = match state.as_ref() {
|
||||||
|
// If state isn't set, it means that the
|
||||||
|
// element hasn't been activated yet.
|
||||||
|
None => return false,
|
||||||
|
Some(s) => s,
|
||||||
|
};
|
||||||
|
|
||||||
|
// calculate the number of chunks that exist in the stream
|
||||||
|
let total_chunks = (size + state.block_size as u64 - 1) / state.block_size as u64;
|
||||||
|
// add the MAC of each block
|
||||||
|
let size = size + total_chunks * box_::MACBYTES as u64;
|
||||||
|
|
||||||
|
// add static offsets
|
||||||
|
let size = size + super::HEADERS_SIZE as u64;
|
||||||
|
|
||||||
|
gst_debug!(CAT, obj: pad, "Setting duration bytes: {}", size);
|
||||||
|
q.set(gst::format::Bytes::from(size));
|
||||||
|
|
||||||
|
true
|
||||||
|
}
|
||||||
|
_ => pad.query_default(element, query),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl ObjectSubclass for Encrypter {
|
||||||
|
const NAME: &'static str = "RsSodiumEncrypter";
|
||||||
|
type ParentType = gst::Element;
|
||||||
|
type Instance = gst::subclass::ElementInstanceStruct<Self>;
|
||||||
|
type Class = subclass::simple::ClassStruct<Self>;
|
||||||
|
|
||||||
|
glib_object_subclass!();
|
||||||
|
|
||||||
|
fn new_with_class(klass: &subclass::simple::ClassStruct<Self>) -> Self {
|
||||||
|
let templ = klass.get_pad_template("sink").unwrap();
|
||||||
|
let sinkpad = gst::Pad::new_from_template(&templ, Some("sink"));
|
||||||
|
let templ = klass.get_pad_template("src").unwrap();
|
||||||
|
let srcpad = gst::Pad::new_from_template(&templ, Some("src"));
|
||||||
|
|
||||||
|
Encrypter::set_pad_functions(&sinkpad, &srcpad);
|
||||||
|
let props = Mutex::new(Props::default());
|
||||||
|
let state = Mutex::new(None);
|
||||||
|
|
||||||
|
Self {
|
||||||
|
srcpad,
|
||||||
|
sinkpad,
|
||||||
|
props,
|
||||||
|
state,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn class_init(klass: &mut subclass::simple::ClassStruct<Self>) {
|
||||||
|
klass.set_metadata(
|
||||||
|
"Encrypter",
|
||||||
|
"Generic",
|
||||||
|
"libsodium-based file encrypter",
|
||||||
|
"Jordan Petridis <jordan@centricular.com>",
|
||||||
|
);
|
||||||
|
|
||||||
|
let src_caps = gst::Caps::builder("application/x-sodium-encrypted").build();
|
||||||
|
let src_pad_template = gst::PadTemplate::new(
|
||||||
|
"src",
|
||||||
|
gst::PadDirection::Src,
|
||||||
|
gst::PadPresence::Always,
|
||||||
|
&src_caps,
|
||||||
|
)
|
||||||
|
.unwrap();
|
||||||
|
klass.add_pad_template(src_pad_template);
|
||||||
|
|
||||||
|
let sink_pad_template = gst::PadTemplate::new(
|
||||||
|
"sink",
|
||||||
|
gst::PadDirection::Sink,
|
||||||
|
gst::PadPresence::Always,
|
||||||
|
&gst::Caps::new_any(),
|
||||||
|
)
|
||||||
|
.unwrap();
|
||||||
|
klass.add_pad_template(sink_pad_template);
|
||||||
|
klass.install_properties(&PROPERTIES);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl ObjectImpl for Encrypter {
|
||||||
|
glib_object_impl!();
|
||||||
|
|
||||||
|
fn constructed(&self, obj: &glib::Object) {
|
||||||
|
self.parent_constructed(obj);
|
||||||
|
|
||||||
|
let element = obj.downcast_ref::<gst::Element>().unwrap();
|
||||||
|
element.add_pad(&self.sinkpad).unwrap();
|
||||||
|
element.add_pad(&self.srcpad).unwrap();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_property(&self, _obj: &glib::Object, id: usize, value: &glib::Value) {
|
||||||
|
let prop = &PROPERTIES[id];
|
||||||
|
|
||||||
|
match *prop {
|
||||||
|
subclass::Property("sender-key", ..) => {
|
||||||
|
let mut props = self.props.lock().unwrap();
|
||||||
|
props.sender_key = value.get();
|
||||||
|
}
|
||||||
|
|
||||||
|
subclass::Property("receiver-key", ..) => {
|
||||||
|
let mut props = self.props.lock().unwrap();
|
||||||
|
props.receiver_key = value.get();
|
||||||
|
}
|
||||||
|
|
||||||
|
subclass::Property("block-size", ..) => {
|
||||||
|
let mut props = self.props.lock().unwrap();
|
||||||
|
props.block_size = value.get().unwrap();
|
||||||
|
}
|
||||||
|
|
||||||
|
_ => unimplemented!(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn get_property(&self, _obj: &glib::Object, id: usize) -> Result<glib::Value, ()> {
|
||||||
|
let prop = &PROPERTIES[id];
|
||||||
|
|
||||||
|
match *prop {
|
||||||
|
subclass::Property("receiver-key", ..) => {
|
||||||
|
let props = self.props.lock().unwrap();
|
||||||
|
Ok(props.receiver_key.to_value())
|
||||||
|
}
|
||||||
|
|
||||||
|
subclass::Property("block-size", ..) => {
|
||||||
|
let props = self.props.lock().unwrap();
|
||||||
|
Ok(props.block_size.to_value())
|
||||||
|
}
|
||||||
|
|
||||||
|
_ => unimplemented!(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl ElementImpl for Encrypter {
|
||||||
|
fn change_state(
|
||||||
|
&self,
|
||||||
|
element: &gst::Element,
|
||||||
|
transition: gst::StateChange,
|
||||||
|
) -> Result<gst::StateChangeSuccess, gst::StateChangeError> {
|
||||||
|
gst_debug!(CAT, obj: element, "Changing state {:?}", transition);
|
||||||
|
|
||||||
|
match transition {
|
||||||
|
gst::StateChange::NullToReady => {
|
||||||
|
let props = self.props.lock().unwrap().clone();
|
||||||
|
|
||||||
|
// Create an internal state struct from the provided properties or
|
||||||
|
// refuse to change state
|
||||||
|
let state_ = State::from_props(&props).map_err(|err| {
|
||||||
|
element.post_error_message(&err);
|
||||||
|
gst::StateChangeError
|
||||||
|
})?;
|
||||||
|
|
||||||
|
let mut state = self.state.lock().unwrap();
|
||||||
|
*state = Some(state_);
|
||||||
|
}
|
||||||
|
gst::StateChange::ReadyToNull => {
|
||||||
|
let _ = self.state.lock().unwrap().take();
|
||||||
|
}
|
||||||
|
_ => (),
|
||||||
|
}
|
||||||
|
|
||||||
|
let success = self.parent_change_state(element, transition)?;
|
||||||
|
|
||||||
|
if transition == gst::StateChange::ReadyToNull {
|
||||||
|
let _ = self.state.lock().unwrap().take();
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(success)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn register(plugin: &gst::Plugin) -> Result<(), glib::BoolError> {
|
||||||
|
gst::Element::register(Some(plugin), "rssodiumencrypter", 0, Encrypter::get_type())
|
||||||
|
}
|
86
gst-plugin-sodium/src/lib.rs
Normal file
86
gst-plugin-sodium/src/lib.rs
Normal file
|
@ -0,0 +1,86 @@
|
||||||
|
// lib.rs
|
||||||
|
//
|
||||||
|
// Copyright 2019 Jordan Petridis <jordan@centricular.com>
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
// of this software and associated documentation files (the "Software"), to
|
||||||
|
// deal in the Software without restriction, including without limitation the
|
||||||
|
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||||
|
// sell copies of the Software, and to permit persons to whom the Software is
|
||||||
|
// furnished to do so, subject to the following conditions:
|
||||||
|
//
|
||||||
|
// The above copyright notice and this permission notice shall be included in
|
||||||
|
// all copies or substantial portions of the Software.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||||
|
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||||
|
// IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
#![crate_type = "cdylib"]
|
||||||
|
|
||||||
|
#[macro_use]
|
||||||
|
extern crate glib;
|
||||||
|
#[macro_use]
|
||||||
|
extern crate gst;
|
||||||
|
#[macro_use]
|
||||||
|
extern crate lazy_static;
|
||||||
|
|
||||||
|
const TYPEFIND_HEADER: &[u8; 12] = b"gst-sodium10";
|
||||||
|
// `core::slice::<impl [T]>::len` is not yet stable as a const fn
|
||||||
|
// const TYPEFIND_HEADER_SIZE: usize = TYPEFIND_HEADER.len();
|
||||||
|
const TYPEFIND_HEADER_SIZE: usize = 12;
|
||||||
|
/// Encryted steams use an offset at the start to store the block_size
|
||||||
|
/// and the nonce that was used.
|
||||||
|
const HEADERS_SIZE: usize =
|
||||||
|
TYPEFIND_HEADER_SIZE + sodiumoxide::crypto::box_::NONCEBYTES + std::mem::size_of::<u32>();
|
||||||
|
|
||||||
|
mod decrypter;
|
||||||
|
mod encrypter;
|
||||||
|
|
||||||
|
fn typefind_register(plugin: &gst::Plugin) -> Result<(), glib::BoolError> {
|
||||||
|
use glib::translate::ToGlib;
|
||||||
|
use gst::{Caps, TypeFind, TypeFindProbability};
|
||||||
|
|
||||||
|
TypeFind::register(
|
||||||
|
plugin,
|
||||||
|
"sodium_encrypted_typefind",
|
||||||
|
gst::Rank::Primary.to_glib() as u32,
|
||||||
|
None,
|
||||||
|
&Caps::new_simple("application/x-sodium-encrypted", &[]),
|
||||||
|
|typefind| {
|
||||||
|
if let Some(data) = typefind.peek(0, TYPEFIND_HEADER_SIZE as u32) {
|
||||||
|
if data == TYPEFIND_HEADER {
|
||||||
|
typefind.suggest(
|
||||||
|
TypeFindProbability::Maximum,
|
||||||
|
&Caps::new_simple("application/x-sodium-encrypted", &[]),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn plugin_init(plugin: &gst::Plugin) -> Result<(), glib::BoolError> {
|
||||||
|
encrypter::register(plugin)?;
|
||||||
|
decrypter::register(plugin)?;
|
||||||
|
typefind_register(plugin)?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
gst_plugin_define!(
|
||||||
|
"rssodium",
|
||||||
|
"libsodium-based file encryption and decryption",
|
||||||
|
plugin_init,
|
||||||
|
"1.0",
|
||||||
|
"MIT/X11",
|
||||||
|
"rssodium",
|
||||||
|
"rssodium",
|
||||||
|
"https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs",
|
||||||
|
"2019-03-18"
|
||||||
|
);
|
324
gst-plugin-sodium/tests/decrypter.rs
Normal file
324
gst-plugin-sodium/tests/decrypter.rs
Normal file
|
@ -0,0 +1,324 @@
|
||||||
|
// decrypter.rs
|
||||||
|
//
|
||||||
|
// Copyright 2019 Jordan Petridis <jordan@centricular.com>
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
// of this software and associated documentation files (the "Software"), to
|
||||||
|
// deal in the Software without restriction, including without limitation the
|
||||||
|
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||||
|
// sell copies of the Software, and to permit persons to whom the Software is
|
||||||
|
// furnished to do so, subject to the following conditions:
|
||||||
|
//
|
||||||
|
// The above copyright notice and this permission notice shall be included in
|
||||||
|
// all copies or substantial portions of the Software.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||||
|
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||||
|
// IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
#[macro_use]
|
||||||
|
extern crate lazy_static;
|
||||||
|
#[macro_use]
|
||||||
|
extern crate pretty_assertions;
|
||||||
|
|
||||||
|
extern crate gstrssodium;
|
||||||
|
|
||||||
|
use glib::prelude::*;
|
||||||
|
use gst::prelude::*;
|
||||||
|
|
||||||
|
use std::sync::{Arc, Mutex};
|
||||||
|
|
||||||
|
use std::path::PathBuf;
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
static ref SENDER_PUBLIC: glib::Bytes = {
|
||||||
|
let public = [
|
||||||
|
66, 248, 199, 74, 216, 55, 228, 116, 52, 17, 147, 56, 65, 130, 134, 148, 157, 153, 235,
|
||||||
|
171, 179, 147, 120, 71, 100, 243, 133, 120, 160, 14, 111, 65,
|
||||||
|
];
|
||||||
|
glib::Bytes::from_owned(public)
|
||||||
|
};
|
||||||
|
static ref RECEIVER_PRIVATE: glib::Bytes = {
|
||||||
|
let secret = [
|
||||||
|
54, 221, 217, 54, 94, 235, 167, 2, 187, 249, 71, 31, 59, 27, 19, 166, 78, 236, 102, 48,
|
||||||
|
29, 142, 41, 189, 22, 146, 218, 69, 147, 165, 240, 235,
|
||||||
|
];
|
||||||
|
glib::Bytes::from_owned(secret)
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
fn init() {
|
||||||
|
use std::sync::{Once, ONCE_INIT};
|
||||||
|
static INIT: Once = ONCE_INIT;
|
||||||
|
|
||||||
|
INIT.call_once(|| {
|
||||||
|
gst::init().unwrap();
|
||||||
|
gstrssodium::plugin_register_static().unwrap();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_pipeline() {
|
||||||
|
init();
|
||||||
|
|
||||||
|
let pipeline = gst::Pipeline::new(Some("sodium-decrypter-test"));
|
||||||
|
|
||||||
|
let input_path = {
|
||||||
|
let mut r = PathBuf::new();
|
||||||
|
r.push(env!("CARGO_MANIFEST_DIR"));
|
||||||
|
r.push("tests");
|
||||||
|
r.push("encrypted_sample");
|
||||||
|
r.set_extension("enc");
|
||||||
|
r
|
||||||
|
};
|
||||||
|
|
||||||
|
let filesrc = gst::ElementFactory::make("filesrc", None).unwrap();
|
||||||
|
filesrc
|
||||||
|
.set_property("location", &input_path.to_str().unwrap())
|
||||||
|
.expect("failed to set property");
|
||||||
|
|
||||||
|
let dec = gst::ElementFactory::make("rssodiumdecrypter", None).unwrap();
|
||||||
|
dec.set_property("sender-key", &*SENDER_PUBLIC)
|
||||||
|
.expect("failed to set property");
|
||||||
|
dec.set_property("receiver-key", &*RECEIVER_PRIVATE)
|
||||||
|
.expect("failed to set property");
|
||||||
|
|
||||||
|
// the typefind element here is cause the decrypter only supports
|
||||||
|
// operating in pull mode bu the filesink wants push-mode.
|
||||||
|
let typefind = gst::ElementFactory::make("typefind", None).unwrap();
|
||||||
|
let sink = gst::ElementFactory::make("appsink", None).unwrap();
|
||||||
|
|
||||||
|
pipeline
|
||||||
|
.add_many(&[&filesrc, &dec, &typefind, &sink])
|
||||||
|
.expect("failed to add elements to the pipeline");
|
||||||
|
gst::Element::link_many(&[&filesrc, &dec, &typefind, &sink])
|
||||||
|
.expect("failed to link the elements");
|
||||||
|
|
||||||
|
let adapter = Arc::new(Mutex::new(gst_base::UniqueAdapter::new()));
|
||||||
|
|
||||||
|
let sink = sink.downcast::<gst_app::AppSink>().unwrap();
|
||||||
|
let adapter_clone = adapter.clone();
|
||||||
|
sink.set_callbacks(
|
||||||
|
gst_app::AppSinkCallbacks::new()
|
||||||
|
// Add a handler to the "new-sample" signal.
|
||||||
|
.new_sample(move |appsink| {
|
||||||
|
// Pull the sample in question out of the appsink's buffer.
|
||||||
|
let sample = appsink.pull_sample().ok_or(gst::FlowError::Eos)?;
|
||||||
|
let buffer = sample.get_buffer().ok_or(gst::FlowError::Error)?;
|
||||||
|
|
||||||
|
let mut adapter = adapter_clone.lock().unwrap();
|
||||||
|
adapter.push(buffer.to_owned());
|
||||||
|
|
||||||
|
Ok(gst::FlowSuccess::Ok)
|
||||||
|
})
|
||||||
|
.build(),
|
||||||
|
);
|
||||||
|
|
||||||
|
pipeline
|
||||||
|
.set_state(gst::State::Playing)
|
||||||
|
.expect("Unable to set the pipeline to the `Playing` state");
|
||||||
|
|
||||||
|
let bus = pipeline.get_bus().unwrap();
|
||||||
|
for msg in bus.iter_timed(gst::CLOCK_TIME_NONE) {
|
||||||
|
use gst::MessageView;
|
||||||
|
match msg.view() {
|
||||||
|
MessageView::Error(err) => {
|
||||||
|
eprintln!(
|
||||||
|
"Error received from element {:?}: {}",
|
||||||
|
err.get_src().map(|s| s.get_path_string()),
|
||||||
|
err.get_error()
|
||||||
|
);
|
||||||
|
eprintln!("Debugging information: {:?}", err.get_debug());
|
||||||
|
assert!(true);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
MessageView::Eos(..) => break,
|
||||||
|
_ => (),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pipeline
|
||||||
|
.set_state(gst::State::Null)
|
||||||
|
.expect("Unable to set the pipeline to the `Playing` state");
|
||||||
|
|
||||||
|
let expected_output = include_bytes!("sample.mp3");
|
||||||
|
|
||||||
|
let mut adapter = adapter.lock().unwrap();
|
||||||
|
let available = adapter.available();
|
||||||
|
assert_eq!(available, expected_output.len());
|
||||||
|
let output_buffer = adapter.take_buffer(available).unwrap();
|
||||||
|
let output = output_buffer.map_readable().unwrap();
|
||||||
|
assert_eq!(expected_output.as_ref(), output.as_ref());
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_pull_range() {
|
||||||
|
init();
|
||||||
|
|
||||||
|
let pipeline = gst::Pipeline::new(Some("sodium-decrypter-pull-range-test"));
|
||||||
|
let input_path = {
|
||||||
|
let mut r = PathBuf::new();
|
||||||
|
r.push(env!("CARGO_MANIFEST_DIR"));
|
||||||
|
r.push("tests");
|
||||||
|
r.push("encrypted_sample");
|
||||||
|
r.set_extension("enc");
|
||||||
|
r
|
||||||
|
};
|
||||||
|
|
||||||
|
let filesrc = gst::ElementFactory::make("filesrc", None).unwrap();
|
||||||
|
filesrc
|
||||||
|
.set_property("location", &input_path.to_str().unwrap())
|
||||||
|
.expect("failed to set property");
|
||||||
|
|
||||||
|
let dec = gst::ElementFactory::make("rssodiumdecrypter", None).unwrap();
|
||||||
|
dec.set_property("sender-key", &*SENDER_PUBLIC)
|
||||||
|
.expect("failed to set property");
|
||||||
|
dec.set_property("receiver-key", &*RECEIVER_PRIVATE)
|
||||||
|
.expect("failed to set property");
|
||||||
|
|
||||||
|
pipeline
|
||||||
|
.add_many(&[&filesrc, &dec])
|
||||||
|
.expect("failed to add elements to the pipeline");
|
||||||
|
gst::Element::link_many(&[&filesrc, &dec]).expect("failed to link the elements");
|
||||||
|
|
||||||
|
// Activate in the pad in pull mode
|
||||||
|
pipeline
|
||||||
|
.set_state(gst::State::Ready)
|
||||||
|
.expect("Unable to set the pipeline to the `Playing` state");
|
||||||
|
let srcpad = dec.get_static_pad("src").unwrap();
|
||||||
|
srcpad.activate_mode(gst::PadMode::Pull, true).unwrap();
|
||||||
|
|
||||||
|
pipeline
|
||||||
|
.set_state(gst::State::Playing)
|
||||||
|
.expect("Unable to set the pipeline to the `Playing` state");
|
||||||
|
|
||||||
|
// Test that the decryptor is seekable
|
||||||
|
let mut q = gst::query::Query::new_seeking(gst::Format::Bytes);
|
||||||
|
srcpad.query(&mut q);
|
||||||
|
|
||||||
|
// get the seeking capabilities
|
||||||
|
let (seekable, start, stop) = q.get_result();
|
||||||
|
assert_eq!(seekable, true);
|
||||||
|
assert_eq!(
|
||||||
|
start,
|
||||||
|
gst::GenericFormattedValue::Bytes(gst::format::Bytes(Some(0)))
|
||||||
|
);
|
||||||
|
assert_eq!(
|
||||||
|
stop,
|
||||||
|
gst::GenericFormattedValue::Bytes(gst::format::Bytes(Some(6043)))
|
||||||
|
);
|
||||||
|
|
||||||
|
// do pulls
|
||||||
|
let expected_array_1 = [
|
||||||
|
255, 251, 192, 196, 0, 0, 13, 160, 37, 86, 116, 240, 0, 42, 73, 33, 43, 63, 61, 16, 128, 5,
|
||||||
|
53, 37, 220, 28, 225, 35, 16, 243, 140, 220, 4, 192, 2, 64, 14, 3, 144, 203, 67, 208, 244,
|
||||||
|
61, 70, 175, 103, 127, 28, 0,
|
||||||
|
];
|
||||||
|
let buf1 = srcpad.get_range(0, 50).unwrap();
|
||||||
|
assert_eq!(buf1.get_size(), 50);
|
||||||
|
let map1 = buf1.map_readable().unwrap();
|
||||||
|
assert_eq!(&map1[..], &expected_array_1[..]);
|
||||||
|
|
||||||
|
let expected_array_2 = [
|
||||||
|
255, 251, 192, 196, 0, 0, 13, 160, 37, 86, 116, 240, 0, 42, 73, 33, 43, 63, 61, 16, 128, 5,
|
||||||
|
53, 37, 220, 28, 225, 35, 16, 243, 140, 220, 4, 192, 2, 64, 14, 3, 144, 203, 67, 208, 244,
|
||||||
|
61, 70, 175, 103, 127, 28, 0, 0, 0, 0, 12, 60, 60, 60, 122, 0, 0, 0, 12, 195, 195, 195,
|
||||||
|
207, 192, 0, 0, 3, 113, 195, 199, 255, 255, 254, 97, 225, 225, 231, 160, 0, 0, 49, 24, 120,
|
||||||
|
120, 121, 232, 0, 0, 12, 252, 195, 195, 199, 128, 0, 0, 0,
|
||||||
|
];
|
||||||
|
let buf2 = srcpad.get_range(0, 100).unwrap();
|
||||||
|
assert_eq!(buf2.get_size(), 100);
|
||||||
|
let map2 = buf2.map_readable().unwrap();
|
||||||
|
assert_eq!(&map2[..], &expected_array_2[..]);
|
||||||
|
|
||||||
|
// compare the first 50 bytes of the two slices
|
||||||
|
// they should match
|
||||||
|
assert_eq!(&map1[..], &map2[..map1.len()]);
|
||||||
|
|
||||||
|
// request in the middle of a block
|
||||||
|
let buf = srcpad.get_range(853, 100).unwrap();
|
||||||
|
// result size doesn't include the block macs,
|
||||||
|
assert_eq!(buf.get_size(), 100);
|
||||||
|
|
||||||
|
// read till eos, this also will pull multiple blocks
|
||||||
|
let buf = srcpad.get_range(853, 42000).unwrap();
|
||||||
|
// 6031 (size of file) - 883 (requersted offset) - headers size - (numbler of blcks * block mac)
|
||||||
|
assert_eq!(buf.get_size(), 5054);
|
||||||
|
|
||||||
|
// read 0 bytes from the start
|
||||||
|
let buf = srcpad.get_range(0, 0).unwrap();
|
||||||
|
assert_eq!(buf.get_size(), 0);
|
||||||
|
|
||||||
|
// read 0 bytes somewhere in the middle
|
||||||
|
let buf = srcpad.get_range(4242, 0).unwrap();
|
||||||
|
assert_eq!(buf.get_size(), 0);
|
||||||
|
|
||||||
|
// read 0 bytes to eos
|
||||||
|
let res = srcpad.get_range(6003, 0);
|
||||||
|
assert_eq!(res, Err(gst::FlowError::Eos));
|
||||||
|
|
||||||
|
// read 100 bytes at eos
|
||||||
|
let res = srcpad.get_range(6003, 100);
|
||||||
|
assert_eq!(res, Err(gst::FlowError::Eos));
|
||||||
|
|
||||||
|
// read 100 bytes way past eos
|
||||||
|
let res = srcpad.get_range(424242, 100);
|
||||||
|
assert_eq!(res, Err(gst::FlowError::Eos));
|
||||||
|
|
||||||
|
// read 10 bytes at eos -1, should return a single byte
|
||||||
|
let buf = srcpad.get_range(5906, 10).unwrap();
|
||||||
|
assert_eq!(buf.get_size(), 1);
|
||||||
|
|
||||||
|
pipeline
|
||||||
|
.set_state(gst::State::Null)
|
||||||
|
.expect("Unable to set the pipeline to the `Playing` state");
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_state_changes() {
|
||||||
|
init();
|
||||||
|
|
||||||
|
// NullToReady without keys provided
|
||||||
|
{
|
||||||
|
let dec = gst::ElementFactory::make("rssodiumdecrypter", None).unwrap();
|
||||||
|
assert!(dec.change_state(gst::StateChange::NullToReady).is_err());
|
||||||
|
|
||||||
|
// Set only receiver key
|
||||||
|
let dec = gst::ElementFactory::make("rssodiumdecrypter", None).unwrap();
|
||||||
|
dec.set_property("receiver-key", &*RECEIVER_PRIVATE)
|
||||||
|
.expect("failed to set property");
|
||||||
|
assert!(dec.change_state(gst::StateChange::NullToReady).is_err());
|
||||||
|
|
||||||
|
// Set only sender key
|
||||||
|
let dec = gst::ElementFactory::make("rssodiumdecrypter", None).unwrap();
|
||||||
|
dec.set_property("sender-key", &*SENDER_PUBLIC)
|
||||||
|
.expect("failed to set property");
|
||||||
|
assert!(dec.change_state(gst::StateChange::NullToReady).is_err());
|
||||||
|
}
|
||||||
|
|
||||||
|
// NullToReady, no nonce provided
|
||||||
|
{
|
||||||
|
let dec = gst::ElementFactory::make("rssodiumdecrypter", None).unwrap();
|
||||||
|
dec.set_property("sender-key", &*SENDER_PUBLIC)
|
||||||
|
.expect("failed to set property");
|
||||||
|
dec.set_property("receiver-key", &*RECEIVER_PRIVATE)
|
||||||
|
.expect("failed to set property");
|
||||||
|
assert!(dec.change_state(gst::StateChange::NullToReady).is_ok());
|
||||||
|
}
|
||||||
|
|
||||||
|
// ReadyToNull
|
||||||
|
{
|
||||||
|
let dec = gst::ElementFactory::make("rssodiumdecrypter", None).unwrap();
|
||||||
|
dec.set_property("sender-key", &*SENDER_PUBLIC)
|
||||||
|
.expect("failed to set property");
|
||||||
|
dec.set_property("receiver-key", &*RECEIVER_PRIVATE)
|
||||||
|
.expect("failed to set property");
|
||||||
|
assert!(dec.change_state(gst::StateChange::NullToReady).is_ok());
|
||||||
|
}
|
||||||
|
}
|
BIN
gst-plugin-sodium/tests/encrypted_sample.enc
Normal file
BIN
gst-plugin-sodium/tests/encrypted_sample.enc
Normal file
Binary file not shown.
152
gst-plugin-sodium/tests/encrypter.rs
Normal file
152
gst-plugin-sodium/tests/encrypter.rs
Normal file
|
@ -0,0 +1,152 @@
|
||||||
|
// encrypter.rs
|
||||||
|
//
|
||||||
|
// Copyright 2019 Jordan Petridis <jordan@centricular.com>
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
// of this software and associated documentation files (the "Software"), to
|
||||||
|
// deal in the Software without restriction, including without limitation the
|
||||||
|
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||||
|
// sell copies of the Software, and to permit persons to whom the Software is
|
||||||
|
// furnished to do so, subject to the following conditions:
|
||||||
|
//
|
||||||
|
// The above copyright notice and this permission notice shall be included in
|
||||||
|
// all copies or substantial portions of the Software.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||||
|
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||||
|
// IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
#[macro_use]
|
||||||
|
extern crate lazy_static;
|
||||||
|
extern crate gstrssodium;
|
||||||
|
|
||||||
|
use glib::prelude::*;
|
||||||
|
use gst::prelude::*;
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
static ref RECEIVER_PUBLIC: glib::Bytes = {
|
||||||
|
let public = [
|
||||||
|
28, 95, 33, 124, 28, 103, 80, 78, 7, 28, 234, 40, 226, 179, 253, 166, 169, 64, 78, 5,
|
||||||
|
57, 92, 151, 179, 221, 89, 68, 70, 44, 225, 219, 19,
|
||||||
|
];
|
||||||
|
|
||||||
|
glib::Bytes::from_owned(public)
|
||||||
|
};
|
||||||
|
static ref SENDER_PRIVATE: glib::Bytes = {
|
||||||
|
let secret = [
|
||||||
|
154, 227, 90, 239, 206, 184, 202, 234, 176, 161, 14, 91, 218, 98, 142, 13, 145, 223,
|
||||||
|
210, 222, 224, 240, 98, 51, 142, 165, 255, 1, 159, 100, 242, 162,
|
||||||
|
];
|
||||||
|
glib::Bytes::from_owned(secret)
|
||||||
|
};
|
||||||
|
static ref NONCE: glib::Bytes = {
|
||||||
|
let nonce = [
|
||||||
|
144, 187, 179, 230, 15, 4, 241, 15, 37, 133, 22, 30, 50, 106, 70, 159, 243, 218, 173,
|
||||||
|
22, 18, 36, 4, 45,
|
||||||
|
];
|
||||||
|
glib::Bytes::from_owned(nonce)
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
fn init() {
|
||||||
|
use std::sync::{Once, ONCE_INIT};
|
||||||
|
static INIT: Once = ONCE_INIT;
|
||||||
|
|
||||||
|
INIT.call_once(|| {
|
||||||
|
gst::init().unwrap();
|
||||||
|
gstrssodium::plugin_register_static().unwrap();
|
||||||
|
// set the nonce
|
||||||
|
std::env::set_var("GST_SODIUM_ENCRYPT_NONCE", hex::encode(&*NONCE));
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn encrypt_file() {
|
||||||
|
init();
|
||||||
|
|
||||||
|
let input = include_bytes!("sample.mp3");
|
||||||
|
let expected_output = include_bytes!("encrypted_sample.enc");
|
||||||
|
|
||||||
|
let mut adapter = gst_base::UniqueAdapter::new();
|
||||||
|
|
||||||
|
let enc = gst::ElementFactory::make("rssodiumencrypter", None).unwrap();
|
||||||
|
enc.set_property("sender-key", &*SENDER_PRIVATE)
|
||||||
|
.expect("failed to set property");
|
||||||
|
enc.set_property("receiver-key", &*RECEIVER_PUBLIC)
|
||||||
|
.expect("failed to set property");
|
||||||
|
enc.set_property("block-size", &1024u32)
|
||||||
|
.expect("failed to set property");
|
||||||
|
|
||||||
|
let mut h = gst_check::Harness::new_with_element(&enc, None, None);
|
||||||
|
h.add_element_src_pad(&enc.get_static_pad("src").expect("failed to get src pad"));
|
||||||
|
h.add_element_sink_pad(&enc.get_static_pad("sink").expect("failed to get src pad"));
|
||||||
|
h.set_src_caps_str("application/x-sodium-encrypted");
|
||||||
|
|
||||||
|
let buf = gst::Buffer::from_mut_slice(Vec::from(&input[..]));
|
||||||
|
|
||||||
|
assert_eq!(h.push(buf), Ok(gst::FlowSuccess::Ok));
|
||||||
|
h.push_event(gst::Event::new_eos().build());
|
||||||
|
|
||||||
|
println!("Pulling buffer...");
|
||||||
|
while let Some(buf) = h.pull() {
|
||||||
|
adapter.push(buf);
|
||||||
|
if adapter.available() >= expected_output.len() {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let buf = adapter
|
||||||
|
.take_buffer(adapter.available())
|
||||||
|
.expect("failed to take buffer");
|
||||||
|
let map = buf.map_readable().expect("Couldn't map buffer readable");
|
||||||
|
assert_eq!(map.as_ref(), expected_output.as_ref());
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_state_changes() {
|
||||||
|
init();
|
||||||
|
|
||||||
|
// NullToReady without keys provided
|
||||||
|
{
|
||||||
|
let enc = gst::ElementFactory::make("rssodiumencrypter", None).unwrap();
|
||||||
|
assert!(enc.change_state(gst::StateChange::NullToReady).is_err());
|
||||||
|
|
||||||
|
// Set only receiver key
|
||||||
|
let enc = gst::ElementFactory::make("rssodiumencrypter", None).unwrap();
|
||||||
|
enc.set_property("receiver-key", &*RECEIVER_PUBLIC)
|
||||||
|
.expect("failed to set property");
|
||||||
|
assert!(enc.change_state(gst::StateChange::NullToReady).is_err());
|
||||||
|
|
||||||
|
// Set only sender key
|
||||||
|
let enc = gst::ElementFactory::make("rssodiumencrypter", None).unwrap();
|
||||||
|
enc.set_property("sender-key", &*SENDER_PRIVATE)
|
||||||
|
.expect("failed to set property");
|
||||||
|
assert!(enc.change_state(gst::StateChange::NullToReady).is_err());
|
||||||
|
}
|
||||||
|
|
||||||
|
// NullToReady
|
||||||
|
{
|
||||||
|
let enc = gst::ElementFactory::make("rssodiumencrypter", None).unwrap();
|
||||||
|
enc.set_property("sender-key", &*SENDER_PRIVATE)
|
||||||
|
.expect("failed to set property");
|
||||||
|
enc.set_property("receiver-key", &*RECEIVER_PUBLIC)
|
||||||
|
.expect("failed to set property");
|
||||||
|
assert!(enc.change_state(gst::StateChange::NullToReady).is_ok());
|
||||||
|
}
|
||||||
|
|
||||||
|
// ReadyToNull
|
||||||
|
{
|
||||||
|
let enc = gst::ElementFactory::make("rssodiumencrypter", None).unwrap();
|
||||||
|
enc.set_property("sender-key", &*SENDER_PRIVATE)
|
||||||
|
.expect("failed to set property");
|
||||||
|
enc.set_property("receiver-key", &*RECEIVER_PUBLIC)
|
||||||
|
.expect("failed to set property");
|
||||||
|
assert!(enc.change_state(gst::StateChange::NullToReady).is_ok());
|
||||||
|
}
|
||||||
|
}
|
BIN
gst-plugin-sodium/tests/sample.mp3
Normal file
BIN
gst-plugin-sodium/tests/sample.mp3
Normal file
Binary file not shown.
Loading…
Reference in a new issue