From b55fafdfbfd3cec792f08efc0814167bfe40bb03 Mon Sep 17 00:00:00 2001
From: Jan Schmidt
Date: Thu, 28 Jan 2016 04:58:00 +1100
Subject: [PATCH] rtspclientsink: Simplify slightly using new -base API

Use the new Mikey and SDP API in the base plugins libs to simplify some code.

https://bugzilla.gnome.org/show_bug.cgi?id=758180
---
 gst/rtsp-sink/gstrtspclientsink.c | 136 ++++------------------------
 1 file changed, 16 insertions(+), 120 deletions(-)

diff --git a/gst/rtsp-sink/gstrtspclientsink.c b/gst/rtsp-sink/gstrtspclientsink.c
index 55c40463e0..3d5076f46b 100644
--- a/gst/rtsp-sink/gstrtspclientsink.c
+++ b/gst/rtsp-sink/gstrtspclientsink.c
@@ -150,12 +150,6 @@ gst_rtsp_client_sink_ntp_time_source_get_type (void)
 return ntp_time_source_type;
 }
 
-#define AES_128_KEY_LEN 16
-#define AES_256_KEY_LEN 32
-
-#define HMAC_32_KEY_LEN 4
-#define HMAC_80_KEY_LEN 10
-
 #define DEFAULT_LOCATION NULL
 #define DEFAULT_PROTOCOLS GST_RTSP_LOWER_TRANS_UDP | GST_RTSP_LOWER_TRANS_UDP_MCAST | GST_RTSP_LOWER_TRANS_TCP
 #define DEFAULT_DEBUG FALSE
@@ -3511,32 +3505,6 @@ fail:
 return GST_RTSP_ERROR;
 }
 
-static guint8
-enc_key_length_from_cipher_name (const gchar * cipher)
-{
- if (g_strcmp0 (cipher, "aes-128-icm") == 0)
- return AES_128_KEY_LEN;
- else if (g_strcmp0 (cipher, "aes-256-icm") == 0)
- return AES_256_KEY_LEN;
- else {
- GST_ERROR ("encryption algorithm '%s' not supported", cipher);
- return 0;
- }
-}
-
-static guint8
-auth_key_length_from_auth_name (const gchar * auth)
-{
- if (g_strcmp0 (auth, "hmac-sha1-32") == 0)
- return HMAC_32_KEY_LEN;
- else if (g_strcmp0 (auth, "hmac-sha1-80") == 0)
- return HMAC_80_KEY_LEN;
- else {
- GST_ERROR ("authentication algorithm '%s' not supported", auth);
- return 0;
- }
-}
-
 static GstCaps *
 signal_get_srtcp_params (GstRTSPClientSink * sink,
 GstRTSPStreamContext * context)
@@ -3556,103 +3524,31 @@ static gchar *
 gst_rtsp_client_sink_stream_make_keymgmt (GstRTSPClientSink * sink,
 GstRTSPStreamContext * context)
 {
- GBytes *bytes;
- gchar *result, *base64;
- const guint8 *data;
- gsize size;
- GstMIKEYMessage *msg;
- GstMIKEYPayload *payload, *pkd;
- guint8 byte;
- GstStructure *s;
- GstMapInfo info;
- GstBuffer *srtpkey;
- const GValue *val;
- const gchar *srtcpcipher, *srtcpauth;
- guint send_ssrc;
+ gchar *base64, *result = NULL;
+ GstMIKEYMessage *mikey_msg;
 
 context->srtcpparams = signal_get_srtcp_params (sink, context);
 if (context->srtcpparams == NULL)
 context->srtcpparams = gst_rtsp_stream_get_caps (context->stream);
 
- s = gst_caps_get_structure (context->srtcpparams, 0);
+ mikey_msg = gst_mikey_message_new_from_caps (context->srtcpparams);
+ if (mikey_msg) {
+ guint send_ssrc;
 
- srtcpcipher = gst_structure_get_string (s, "srtcp-cipher");
- srtcpauth = gst_structure_get_string (s, "srtcp-auth");
- val = gst_structure_get_value (s, "srtp-key");
+ /* add policy '0' for our SSRC */
+ gst_rtsp_stream_get_ssrc (context->stream, &send_ssrc);
+ GST_LOG_OBJECT (sink, "Stream %p ssrc %x", context->stream, send_ssrc);
+ gst_mikey_message_add_cs_srtp (mikey_msg, 0, send_ssrc, 0);
 
- if (srtcpcipher == NULL || srtcpauth == NULL || val == NULL) {
- GST_ERROR_OBJECT (sink, "could not find the right SRTP parameters in caps");
- return NULL;
+ base64 = gst_mikey_message_base64_encode (mikey_msg);
+ gst_mikey_message_unref (mikey_msg);
+
+ if (base64) {
+ result = gst_sdp_make_keymgmt (context->conninfo.location, base64);
+ g_free (base64);
+ }
 }
 
- srtpkey = gst_value_get_buffer (val);
-
- gst_rtsp_stream_get_ssrc (context->stream, &send_ssrc);
- GST_LOG_OBJECT (sink, "Stream %p ssrc %x", context->stream, send_ssrc);
-
- msg = gst_mikey_message_new ();
- /* unencrypted MIKEY message, we send this over TLS so this is allowed */
- gst_mikey_message_set_info (msg, GST_MIKEY_VERSION, GST_MIKEY_TYPE_PSK_INIT,
- FALSE, GST_MIKEY_PRF_MIKEY_1, g_random_int (), GST_MIKEY_MAP_TYPE_SRTP);
- /* add policy '0' for our SSRC */
- gst_mikey_message_add_cs_srtp (msg, 0, send_ssrc, 0);
- /* timestamp is now */
- gst_mikey_message_add_t_now_ntp_utc (msg);
- /* add some random data */
- gst_mikey_message_add_rand_len (msg, 16);
-
- /* the policy '0' is SRTP */
- payload = gst_mikey_payload_new (GST_MIKEY_PT_SP);
- gst_mikey_payload_sp_set (payload, 0, GST_MIKEY_SEC_PROTO_SRTP);
-
- /* only AES-CM is supported */
- byte = 1;
- gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_ENC_ALG, 1, &byte);
- /* encryption key length */
- byte = enc_key_length_from_cipher_name (srtcpcipher);
- gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_ENC_KEY_LEN, 1,
- &byte);
- /* only HMAC-SHA1 */
- gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_AUTH_ALG, 1,
- &byte);
- /* authentication key length */
- byte = auth_key_length_from_auth_name (srtcpauth);
- gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_AUTH_KEY_LEN, 1,
- &byte);
- /* we enable encryption on RTP and RTCP */
- gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_SRTP_ENC, 1,
- &byte);
- gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_SRTCP_ENC, 1,
- &byte);
- /* we enable authentication on RTP and RTCP */
- gst_mikey_payload_sp_add_param (payload, GST_MIKEY_SP_SRTP_SRTP_AUTH, 1,
- &byte);
- gst_mikey_message_add_payload (msg, payload);
-
- /* make unencrypted KEMAC */
- payload = gst_mikey_payload_new (GST_MIKEY_PT_KEMAC);
- gst_mikey_payload_kemac_set (payload, GST_MIKEY_ENC_NULL, GST_MIKEY_MAC_NULL);
- /* add the key in KEMAC */
- pkd = gst_mikey_payload_new (GST_MIKEY_PT_KEY_DATA);
- gst_buffer_map (srtpkey, &info, GST_MAP_READ);
- gst_mikey_payload_key_data_set_key (pkd, GST_MIKEY_KD_TEK, info.size,
- info.data);
- gst_buffer_unmap (srtpkey, &info);
- gst_mikey_payload_kemac_add_sub (payload, pkd);
- gst_mikey_message_add_payload (msg, payload);
-
- /* now serialize this to bytes */
- bytes = gst_mikey_message_to_bytes (msg, NULL, NULL);
- gst_mikey_message_unref (msg);
- /* and make it into base64 */
- data = g_bytes_get_data (bytes, &size);
- base64 = g_base64_encode (data, size);
- g_bytes_unref (bytes);
-
- result = g_strdup_printf ("prot=mikey;uri=\"%s\";data=\"%s\"",
- context->conninfo.location, base64);
- g_free (base64);
-
 return result;
 }
 
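Review bot: The failure path of `gst_rtsp_client_sink_stream_make_keymgmt` is now silent: when `gst_mikey_message_new_from_caps` returns NULL, or the base64 encode yields NULL, the function returns NULL without the `GST_ERROR_OBJECT` that the removed parameter check emitted. How the caller treats a NULL keymgmt string is outside this hunk, so it is worth confirming that it aborts the stream setup rather than continuing without SRTP; an `else` branch such as `GST_ERROR_OBJECT (sink, "could not build MIKEY message from SRTP caps");` would keep the diagnostic. The removed comment saying the unencrypted MIKEY message is allowed only because it is sent over TLS documented a real constraint, since the SRTP key presumably still travels unprotected inside the keymgmt attribute built by the new helper. I would keep it above the `gst_mikey_message_new_from_caps` call, e.g. `/* MIKEY message carries the SRTP key unencrypted, so it must only be sent over TLS */`.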