RidgeRun gst-crypto GStreamer Plugin
Overview
RidgeRun's gst-crypto plugin makes it easy to encrypt or decrypt content passing through a GStreamer pipeline. gst-crypto will take advantage of any available crypto hardware accelerators. gst-crypto is based on OpenSSL so any encryption technology supported by OpenSSL can be supported by gst-crypto. Currently, only aes-128-cbc cipher is support. gst-crypto source code has not yet been reviewed by experts for security deficiencies.
Features
- aes-128-cbc cipher support
- Password or key/iv setup
- GStreamer-0.10 support
Example Use Cases
- Capture audio/video from a camera directly into an encrypted media file.
- Decrypt streaming audio/video and render to local display/speakers.
Support
Modifications or extensions needed? Integration into other Embedded Linux Systems (e.g. Ubuntu, Yocto, ...)?
Build and run on a local Linux PC
Tested on Ubuntu-14.04 64 bit:
Source code fetch
git clone git@github.com:RidgeRun/gst-crypto cd gst-crypto git checkout release-0.10
Compilation
./autogen.sh ./configure make sudo make install
Test pipeline
echo "This is a crypto test ... " > plain.txt && gst-launch filesrc location=plain.txt ! gst-crypto mode=enc ! gst-crypto mode=dec ! filesink location=dec.txt && cat dec.txt
Source code
Location
Clone
git clone https://github.com/RidgeRun/gst-crypto
Branch 0.10
git checkout release-0.10
Note: There are tagged releases also.
RR SDK Integration
One of our demo SDK's can be used:
- i.MX6 SabreLite board - with crypto hardware acceleration
- DM368 Leopard board - no crypto hardware available
Integration of e.g. version 0.10.0.
Subdirectory structure
├── fs ├── apps ├── gst-crypto-0.10.0 ├── Config ├── Makefile └── metainfo
fs/apps/gst-crypto-0.10.0/Config
config FS_APPS_GST_CRYPTO bool "gst-crypto-0.10.0" select FS_APPS_GSTREAMER_PLUGINS_BASE help This option enables RidgeRuns gst-crypto plugin.
fs/apps/gst-crypto-0.10.0/Makefile
#$L$ # Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). ##$L$ PKG_URL=https://www.ridgerun.com/packages PKG_TARBALL=gst-crypto-0.10.0.tar.gz PKG_SHA1SUM=e13a42358174b36a2273e0d5b902128d38b552fd include ../../../bsp/classes/rrsdk.class include $(CLASSES)/gstreamer-plugin.class
fs/apps/gst-crypto-0.10.0/metainfo
TARGET_REQUIRED="gstreamer gst-plugins-base"
RR SDK configuration
Execution
`make env` make config
Configuration
File System Configuration ---> Select target's file system software ---> [*] gst-crypto-0.10.0
Example pipelines
Creating a encrypted video with the openssl tool and playback
Tested on Ubuntu-14.04 64bit:
Download demo video
wget http://blender-mirror.kino3d.org/peach/bigbuckbunny_movies/big_buck_bunny_720p_surround.avi
Encrypt
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_720p_surround.avi -out big_buck_bunny_720p_surround.enc
Playback
Playback on a local display
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.enc ! gst-crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Streaming to a host
On the target board:
gst-launch filesrc location=big_buck_bunny_720p_surround.enc ! gst-crypto mode=dec ! queue ! mux. ffmux_mpegts name=mux ! queue ! udpsink port=3000 host=10.251.101.40 sync=false enable-last-buffer=false
Note: Replace the IP address according to your host system
On the host:
gst-launch udpsrc port=3000 ! mpegtsdemux ! queue ! decodebin ! fpsdisplaysink sync=false async=false
Using Crypto Hardware Acceleration
Crypto Hardware Acceleration can be used transparently with the plugin and can be configured independently.
There are some considerations to take into account:
- Does the MCU include a hardware crypto unit (e.g. CAAM on i.MX6)?
- Which setup would result in a performance gain (e.g data block size on i.MX6)?
- Is the cipher to be used supported by the hardware crypto unit and the kernel driver?
- Is the kernel driver implemented efficiently?
See: