annotate ffmpeg/libavformat/rtmpcrypt.c @ 13:844d341cf643 tip

Back up before ISMIR
author Yading Song <yading.song@eecs.qmul.ac.uk>
date Thu, 31 Oct 2013 13:17:06 +0000
parents f445c3017523
yading@11 1 /*
yading@11 2 * RTMPE network protocol
yading@11 3 * Copyright (c) 2008-2009 Andrej Stepanchuk
yading@11 4 * Copyright (c) 2009-2010 Howard Chu
yading@11 5 * Copyright (c) 2012 Samuel Pitoiset
yading@11 6 *
yading@11 7 * This file is part of FFmpeg.
yading@11 8 *
yading@11 9 * FFmpeg is free software; you can redistribute it and/or
yading@11 10 * modify it under the terms of the GNU Lesser General Public
yading@11 11 * License as published by the Free Software Foundation; either
yading@11 12 * version 2.1 of the License, or (at your option) any later version.
yading@11 13 *
yading@11 14 * FFmpeg is distributed in the hope that it will be useful,
yading@11 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
yading@11 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
yading@11 17 * Lesser General Public License for more details.
yading@11 18 *
yading@11 19 * You should have received a copy of the GNU Lesser General Public
yading@11 20 * License along with FFmpeg; if not, write to the Free Software
yading@11 21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
yading@11 22 */
yading@11 23
yading@11 24 /**
yading@11 25 * @file
yading@11 26 * RTMPE protocol
yading@11 27 */
yading@11 28
yading@11 29 #include "libavutil/blowfish.h"
yading@11 30 #include "libavutil/intreadwrite.h"
yading@11 31 #include "libavutil/opt.h"
yading@11 32 #include "libavutil/rc4.h"
yading@11 33 #include "libavutil/xtea.h"
yading@11 34
yading@11 35 #include "internal.h"
yading@11 36 #include "rtmp.h"
yading@11 37 #include "rtmpdh.h"
yading@11 38 #include "rtmpcrypt.h"
yading@11 39 #include "url.h"
yading@11 40
/**
 * Private state of the ffrtmpcrypt protocol handler (one per connection).
 *
 * key_in and key_out hold live RC4 state for as long as the context exists;
 * nothing in this file clears them again.
 */
typedef struct RTMPEContext {
    const AVClass *class;
    /** TCP stream */
    URLContext    *stream;
    /** Diffie-Hellman context */
    FF_DH         *dh;
    /** RC4 key used for decrypt data */
    struct AVRC4   key_in;
    /** RC4 key used for encrypt data */
    struct AVRC4   key_out;
    /** flag indicating when the handshake is performed */
    int            handshaked;
    /** use a HTTP connection (RTMPTE) */
    int            tunneling;
} RTMPEContext;
yading@11 51
/**
 * Fixed key table for the RTMPE type 8 signature transform (XTEA, see
 * rtmpe8_sig()). One 16-byte key per row.
 *
 * ff_rtmpe_encrypt_sig() picks the row with digest[i] % 15, so only rows
 * 0..14 are reachable from this file and the index can never leave the table.
 * The keys are compile-time constants identical in every build, so the
 * transform they key adds no secrecy of its own.
 */
static const uint8_t rtmpe8_keys[16][16] = {
    /*  0 */ { 0xbf, 0xf0, 0x34, 0xb2, 0x11, 0xd9, 0x08, 0x1f,
               0xcc, 0xdf, 0xb7, 0x95, 0x74, 0x8d, 0xe7, 0x32 },
    /*  1 */ { 0x08, 0x6a, 0x5e, 0xb6, 0x17, 0x43, 0x09, 0x0e,
               0x6e, 0xf0, 0x5a, 0xb8, 0xfe, 0x5a, 0x39, 0xe2 },
    /*  2 */ { 0x7b, 0x10, 0x95, 0x6f, 0x76, 0xce, 0x05, 0x21,
               0x23, 0x88, 0xa7, 0x3a, 0x44, 0x01, 0x49, 0xa1 },
    /*  3 */ { 0xa9, 0x43, 0xf3, 0x17, 0xeb, 0xf1, 0x1b, 0xb2,
               0xa6, 0x91, 0xa5, 0xee, 0x17, 0xf3, 0x63, 0x39 },
    /*  4 */ { 0x7a, 0x30, 0xe0, 0x0a, 0xb5, 0x29, 0xe2, 0x2c,
               0xa0, 0x87, 0xae, 0xa5, 0xc0, 0xcb, 0x79, 0xac },
    /*  5 */ { 0xbd, 0xce, 0x0c, 0x23, 0x2f, 0xeb, 0xde, 0xff,
               0x1c, 0xfa, 0xae, 0x16, 0x11, 0x23, 0x23, 0x9d },
    /*  6 */ { 0x55, 0xdd, 0x3f, 0x7b, 0x77, 0xe7, 0xe6, 0x2e,
               0x9b, 0xb8, 0xc4, 0x99, 0xc9, 0x48, 0x1e, 0xe4 },
    /*  7 */ { 0x40, 0x7b, 0xb6, 0xb4, 0x71, 0xe8, 0x91, 0x36,
               0xa7, 0xae, 0xbf, 0x55, 0xca, 0x33, 0xb8, 0x39 },
    /*  8 */ { 0xfc, 0xf6, 0xbd, 0xc3, 0xb6, 0x3c, 0x36, 0x97,
               0x7c, 0xe4, 0xf8, 0x25, 0x04, 0xd9, 0x59, 0xb2 },
    /*  9 */ { 0x28, 0xe0, 0x91, 0xfd, 0x41, 0x95, 0x4c, 0x4c,
               0x7f, 0xb7, 0xdb, 0x00, 0xe3, 0xa0, 0x66, 0xf8 },
    /* 10 */ { 0x57, 0x84, 0x5b, 0x76, 0x4f, 0x25, 0x1b, 0x03,
               0x46, 0xd4, 0x5b, 0xcd, 0xa2, 0xc3, 0x0d, 0x29 },
    /* 11 */ { 0x0a, 0xcc, 0xee, 0xf8, 0xda, 0x55, 0xb5, 0x46,
               0x03, 0x47, 0x34, 0x52, 0x58, 0x63, 0x71, 0x3b },
    /* 12 */ { 0xb8, 0x20, 0x75, 0xdc, 0xa7, 0x5f, 0x1f, 0xee,
               0xd8, 0x42, 0x68, 0xe8, 0xa7, 0x2a, 0x44, 0xcc },
    /* 13 */ { 0x07, 0xcf, 0x6e, 0x9e, 0xa1, 0x6d, 0x7b, 0x25,
               0x9f, 0xa7, 0xae, 0x6c, 0xd9, 0x2f, 0x56, 0x29 },
    /* 14 */ { 0xfe, 0xb1, 0xea, 0xe4, 0x8c, 0x8c, 0x3c, 0xe1,
               0x4e, 0x00, 0x64, 0xa7, 0x6a, 0x38, 0x7c, 0x2a },
    /* 15 */ { 0x89, 0x3a, 0x94, 0x27, 0xcc, 0x30, 0x13, 0xa2,
               0xf1, 0x06, 0x38, 0x5b, 0xa8, 0x29, 0xf9, 0x27 }
};
yading@11 86
/**
 * Fixed key table for the RTMPE type 9 signature transform (Blowfish, see
 * rtmpe9_sig()). One 24-byte key per row.
 *
 * As with the type 8 table, ff_rtmpe_encrypt_sig() indexes it with
 * digest[i] % 15, so row 15 is never selected from this file. The keys are
 * compile-time constants, not secrets.
 */
static const uint8_t rtmpe9_keys[16][24] = {
    /*  0 */ { 0x79, 0x34, 0x77, 0x4c, 0x67, 0xd1, 0x38, 0x3a, 0xdf, 0xb3, 0x56, 0xbe,
               0x8b, 0x7b, 0xd0, 0x24, 0x38, 0xe0, 0x73, 0x58, 0x41, 0x5d, 0x69, 0x67 },
    /*  1 */ { 0x46, 0xf6, 0xb4, 0xcc, 0x01, 0x93, 0xe3, 0xa1, 0x9e, 0x7d, 0x3c, 0x65,
               0x55, 0x86, 0xfd, 0x09, 0x8f, 0xf7, 0xb3, 0xc4, 0x6f, 0x41, 0xca, 0x5c },
    /*  2 */ { 0x1a, 0xe7, 0xe2, 0xf3, 0xf9, 0x14, 0x79, 0x94, 0xc0, 0xd3, 0x97, 0x43,
               0x08, 0x7b, 0xb3, 0x84, 0x43, 0x2f, 0x9d, 0x84, 0x3f, 0x21, 0x01, 0x9b },
    /*  3 */ { 0xd3, 0xe3, 0x54, 0xb0, 0xf7, 0x1d, 0xf6, 0x2b, 0x5a, 0x43, 0x4d, 0x04,
               0x83, 0x64, 0x3e, 0x0d, 0x59, 0x2f, 0x61, 0xcb, 0xb1, 0x6a, 0x59, 0x0d },
    /*  4 */ { 0xc8, 0xc1, 0xe9, 0xb8, 0x16, 0x56, 0x99, 0x21, 0x7b, 0x5b, 0x36, 0xb7,
               0xb5, 0x9b, 0xdf, 0x06, 0x49, 0x2c, 0x97, 0xf5, 0x95, 0x48, 0x85, 0x7e },
    /*  5 */ { 0xeb, 0xe5, 0xe6, 0x2e, 0xa4, 0xba, 0xd4, 0x2c, 0xf2, 0x16, 0xe0, 0x8f,
               0x66, 0x23, 0xa9, 0x43, 0x41, 0xce, 0x38, 0x14, 0x84, 0x95, 0x00, 0x53 },
    /*  6 */ { 0x66, 0xdb, 0x90, 0xf0, 0x3b, 0x4f, 0xf5, 0x6f, 0xe4, 0x9c, 0x20, 0x89,
               0x35, 0x5e, 0xd2, 0xb2, 0xc3, 0x9e, 0x9f, 0x7f, 0x63, 0xb2, 0x28, 0x81 },
    /*  7 */ { 0xbb, 0x20, 0xac, 0xed, 0x2a, 0x04, 0x6a, 0x19, 0x94, 0x98, 0x9b, 0xc8,
               0xff, 0xcd, 0x93, 0xef, 0xc6, 0x0d, 0x56, 0xa7, 0xeb, 0x13, 0xd9, 0x30 },
    /*  8 */ { 0xbc, 0xf2, 0x43, 0x82, 0x09, 0x40, 0x8a, 0x87, 0x25, 0x43, 0x6d, 0xe6,
               0xbb, 0xa4, 0xb9, 0x44, 0x58, 0x3f, 0x21, 0x7c, 0x99, 0xbb, 0x3f, 0x24 },
    /*  9 */ { 0xec, 0x1a, 0xaa, 0xcd, 0xce, 0xbd, 0x53, 0x11, 0xd2, 0xfb, 0x83, 0xb6,
               0xc3, 0xba, 0xab, 0x4f, 0x62, 0x79, 0xe8, 0x65, 0xa9, 0x92, 0x28, 0x76 },
    /* 10 */ { 0xc6, 0x0c, 0x30, 0x03, 0x91, 0x18, 0x2d, 0x7b, 0x79, 0xda, 0xe1, 0xd5,
               0x64, 0x77, 0x9a, 0x12, 0xc5, 0xb1, 0xd7, 0x91, 0x4f, 0x96, 0x4c, 0xa3 },
    /* 11 */ { 0xd7, 0x7c, 0x2a, 0xbf, 0xa6, 0xe7, 0x85, 0x7c, 0x45, 0xad, 0xff, 0x12,
               0x94, 0xd8, 0xde, 0xa4, 0x5c, 0x3d, 0x79, 0xa4, 0x44, 0x02, 0x5d, 0x22 },
    /* 12 */ { 0x16, 0x19, 0x0d, 0x81, 0x6a, 0x4c, 0xc7, 0xf8, 0xb8, 0xf9, 0x4e, 0xcd,
               0x2c, 0x9e, 0x90, 0x84, 0xb2, 0x08, 0x25, 0x60, 0xe1, 0x1e, 0xae, 0x18 },
    /* 13 */ { 0xe9, 0x7c, 0x58, 0x26, 0x1b, 0x51, 0x9e, 0x49, 0x82, 0x60, 0x61, 0xfc,
               0xa0, 0xa0, 0x1b, 0xcd, 0xf5, 0x05, 0xd6, 0xa6, 0x6d, 0x07, 0x88, 0xa3 },
    /* 14 */ { 0x2b, 0x97, 0x11, 0x8b, 0xd9, 0x4e, 0xd9, 0xdf, 0x20, 0xe3, 0x9c, 0x10,
               0xe6, 0xa1, 0x35, 0x21, 0x11, 0xf9, 0x13, 0x0d, 0x0b, 0x24, 0x65, 0xb2 },
    /* 15 */ { 0x53, 0x6a, 0x4c, 0x54, 0xac, 0x8b, 0x9b, 0xb8, 0x97, 0x29, 0xfc, 0x60,
               0x2c, 0x5b, 0x3a, 0x85, 0x68, 0xb5, 0xaa, 0x6a, 0x44, 0xcd, 0x3f, 0xa7 }
};
yading@11 121
/**
 * Create the Diffie-Hellman context for this connection and store the local
 * public key in the handshake buffer.
 *
 * The DH context is kept in the RTMPEContext. On the error paths below it is
 * left allocated; this file releases it only in rtmpe_close().
 *
 * NOTE(review): 1024 is passed to ff_dh_init(), presumably the key size in
 * bits, matching the 128-byte slot written below -- confirm against rtmpdh.
 *
 * @param h   protocol context whose priv_data is an RTMPEContext
 * @param buf handshake buffer; the key position is derived from its contents
 *            by ff_rtmp_calc_digest_pos(buf, 768, 632, 8) and 128 bytes are
 *            written at that position
 * @return 0 on success, AVERROR(ENOMEM) if the DH context cannot be created,
 *         otherwise the negative value returned by the failing helper
 */
int ff_rtmpe_gen_pub_key(URLContext *h, uint8_t *buf)
{
    RTMPEContext *rt = h->priv_data;
    int key_pos, err;

    rt->dh = ff_dh_init(1024);
    if (!rt->dh)
        return AVERROR(ENOMEM);

    key_pos = ff_rtmp_calc_digest_pos(buf, 768, 632, 8);
    if (key_pos < 0)
        return key_pos;

    /* generate a Diffie-Hellman public key */
    err = ff_dh_generate_public_key(rt->dh);
    if (err < 0)
        return err;

    /* copy it into its slot inside the handshake buffer */
    err = ff_dh_write_public_key(rt->dh, buf + key_pos, 128);
    if (err < 0)
        return err;

    return 0;
}
yading@11 144
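/*
 * Overwrite a buffer that held key material. The volatile access keeps the
 * stores from being discarded as dead writes just before the buffer goes out
 * of scope.
 */
static void rtmpe_wipe(void *buf, size_t len)
{
    volatile uint8_t *p = buf;

    while (len--)
        *p++ = 0;
}

/**
 * Derive the two RC4 keys of the session from the Diffie-Hellman exchange.
 *
 * The shared secret is computed from the 128-byte key block found in
 * serverdata. Each RC4 key is then taken from a digest computed by
 * ff_rtmp_calc_digest() over one side's 128-byte key block with the shared
 * secret passed as its key argument; only the first 16 bytes (16 * 8 bits) of
 * the 32-byte digest are handed to av_rc4_init().
 *
 * The shared secret and the digests live in stack buffers; they are wiped
 * before every return that follows their use, so the key material does not
 * linger on the stack.
 *
 * Nothing in this function authenticates the peer's key block, so the
 * exchange as seen here does not protect against an active man in the middle.
 *
 * NOTE(review): rt->dh is used without a NULL check; it is assumed that
 * ff_rtmpe_gen_pub_key() succeeded earlier -- confirm at the call site.
 *
 * @param h          protocol context whose priv_data is an RTMPEContext
 * @param serverdata handshake data received from the server
 * @param clientdata handshake data sent by the client
 * @param type       non-zero selects the (1532, 632, 772) layout for locating
 *                   the server key block, zero the (768, 632, 8) layout
 * @return 0 on success, a negative value from the failing helper otherwise
 */
int ff_rtmpe_compute_secret_key(URLContext *h, const uint8_t *serverdata,
                                const uint8_t *clientdata, int type)
{
    RTMPEContext *rt = h->priv_data;
    uint8_t secret_key[128], digest[32];
    int server_pos, client_pos;
    int ret;

    if (type)
        server_pos = ff_rtmp_calc_digest_pos(serverdata, 1532, 632, 772);
    else
        server_pos = ff_rtmp_calc_digest_pos(serverdata, 768, 632, 8);
    if (server_pos < 0)
        return server_pos;

    client_pos = ff_rtmp_calc_digest_pos(clientdata, 768, 632, 8);
    if (client_pos < 0)
        return client_pos;

    /* compute the shared secret in order to compute RC4 keys */
    ret = ff_dh_compute_shared_secret_key(rt->dh, serverdata + server_pos,
                                          128, secret_key);
    if (ret < 0)
        goto wipe;

    /* set output key */
    ret = ff_rtmp_calc_digest(serverdata + server_pos, 128, 0, secret_key,
                              128, digest);
    if (ret < 0)
        goto wipe;
    av_rc4_init(&rt->key_out, digest, 16 * 8, 1);

    /* set input key */
    ret = ff_rtmp_calc_digest(clientdata + client_pos, 128, 0, secret_key,
                              128, digest);
    if (ret < 0)
        goto wipe;
    av_rc4_init(&rt->key_in, digest, 16 * 8, 1);

    ret = 0;

wipe:
    /* both buffers may hold secret material on success and on failure */
    rtmpe_wipe(secret_key, sizeof(secret_key));
    rtmpe_wipe(digest, sizeof(digest));

    return ret;
}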
yading@11 183
/**
 * Apply the RTMPE type 8 transform (XTEA) to one block of the signature.
 *
 * NOTE(review): unlike rtmpe9_sig(), no explicit little-endian load/store is
 * done around the cipher call; confirm that av_xtea_crypt()'s byte order is
 * the one the peer expects.
 *
 * @param in     input block
 * @param out    output block; the caller in this file passes out == in
 * @param key_id row of rtmpe8_keys to use; not range-checked here, the
 *               caller in this file passes digest[i] % 15
 */
static void rtmpe8_sig(const uint8_t *in, uint8_t *out, int key_id)
{
    const uint8_t *key = rtmpe8_keys[key_id];
    struct AVXTEA xtea;

    av_xtea_init(&xtea, key);
    av_xtea_crypt(&xtea, out, in, 1, NULL, 0);
}
yading@11 191
/**
 * Apply the RTMPE type 9 transform (Blowfish, ECB) to one 8-byte block of
 * the signature.
 *
 * The block is read as two little-endian 32-bit words, run through
 * av_blowfish_crypt_ecb() and written back little-endian.
 *
 * @param in     8 input bytes
 * @param out    8 output bytes; the caller in this file passes out == in
 * @param key_id row of rtmpe9_keys to use (24-byte key); not range-checked
 *               here, the caller in this file passes digest[i] % 15
 */
static void rtmpe9_sig(const uint8_t *in, uint8_t *out, int key_id)
{
    struct AVBlowfish bf;
    /* both halves are loaded before anything is stored, so in may alias out */
    uint32_t left  = AV_RL32(in);
    uint32_t right = AV_RL32(in + 4);

    av_blowfish_init(&bf, rtmpe9_keys[key_id], 24);
    av_blowfish_crypt_ecb(&bf, &left, &right, 0);

    AV_WL32(out,     left);
    AV_WL32(out + 4, right);
}
yading@11 206
/**
 * Transform the 32-byte handshake signature in place, 8 bytes at a time.
 *
 * For each block the key is chosen by the digest byte at the same offset,
 * reduced modulo 15, so the index is always inside the 16-row key tables
 * (row 15 is never used). Any type other than 8 or 9 leaves sig untouched.
 *
 * @param h      protocol context (not used by this function)
 * @param sig    32-byte signature, modified in place
 * @param digest digest whose bytes 0, 8, 16 and 24 select the keys
 * @param type   8 for the XTEA variant, 9 for the Blowfish variant
 */
void ff_rtmpe_encrypt_sig(URLContext *h, uint8_t *sig, const uint8_t *digest,
                          int type)
{
    int off = 0;

    while (off < 32) {
        uint8_t *block = sig + off;

        switch (type) {
        case 8:
            /* RTMPE type 8 uses XTEA on the signature */
            rtmpe8_sig(block, block, digest[off] % 15);
            break;
        case 9:
            /* RTMPE type 9 uses Blowfish on the signature */
            rtmpe9_sig(block, block, digest[off] % 15);
            break;
        default:
            break;
        }

        off += 8;
    }
}
yading@11 222
/**
 * Advance both RC4 keystreams past the handshake and switch the connection
 * to encrypted mode.
 *
 * RTMP_HANDSHAKE_PACKET_SIZE bytes of keystream are generated into a scratch
 * buffer for each direction and thrown away; afterwards rtmpe_read() and
 * rtmpe_write() apply RC4 to all traffic.
 *
 * @param h protocol context whose priv_data is an RTMPEContext
 * @return always 0
 */
int ff_rtmpe_update_keystream(URLContext *h)
{
    RTMPEContext *rt = h->priv_data;
    struct AVRC4 *directions[2] = { &rt->key_in, &rt->key_out };
    char discard[RTMP_HANDSHAKE_PACKET_SIZE];
    int i;

    /* a NULL source makes av_rc4_crypt() emit raw keystream into discard */
    for (i = 0; i < 2; i++)
        av_rc4_crypt(directions[i], discard, NULL, sizeof(discard), NULL, 1);

    /* the next requests will be encrypted using RC4 keys */
    rt->handshaked = 1;

    return 0;
}
yading@11 237
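/**
 * Release the Diffie-Hellman context and close the underlying stream.
 *
 * rtmpe_open() calls this when the connection attempt fails, which happens
 * before ff_rtmpe_gen_pub_key() has had a chance to set rt->dh, so the DH
 * context is only freed when one exists. Both pointers are cleared after
 * release so that a second call cannot free or close them again.
 *
 * NOTE(review): the RC4 states in key_in/key_out are not cleared here.
 *
 * @param h protocol context whose priv_data is an RTMPEContext
 * @return always 0
 */
static int rtmpe_close(URLContext *h)
{
    RTMPEContext *rt = h->priv_data;

    if (rt->dh) {
        ff_dh_free(rt->dh);
        rt->dh = NULL;
    }

    ffurl_close(rt->stream);
    rt->stream = NULL;

    return 0;
}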
yading@11 247
/**
 * Open the transport connection used by the encrypted RTMP session.
 *
 * Only the host and port are taken from the URI. Depending on the tunneling
 * option the lower protocol is "ffrtmphttp" (default port 80) or "tcp"
 * (default port 1935). No key exchange happens here; traffic stays in the
 * clear until ff_rtmpe_update_keystream() sets the handshaked flag.
 *
 * @param h     protocol context whose priv_data is an RTMPEContext
 * @param uri   URI to connect to
 * @param flags not used by this function
 * @return 0 on success, the negative value from ffurl_open() on failure
 */
static int rtmpe_open(URLContext *h, const char *uri, int flags)
{
    RTMPEContext *rt = h->priv_data;
    char host[256], url[1024];
    const char *lower_proto;
    int fallback_port;
    int ret, port;

    av_url_split(NULL, 0, NULL, 0, host, sizeof(host), &port, NULL, 0, uri);

    if (rt->tunneling) {
        lower_proto   = "ffrtmphttp";
        fallback_port = 80;
    } else {
        lower_proto   = "tcp";
        fallback_port = 1935;
    }

    /* a negative port means the URI did not carry one */
    if (port < 0)
        port = fallback_port;
    ff_url_join(url, sizeof(url), lower_proto, NULL, host, port, NULL);

    /* open the tcp or ffrtmphttp connection */
    ret = ffurl_open(&rt->stream, url, AVIO_FLAG_READ_WRITE,
                     &h->interrupt_callback, NULL);
    if (ret < 0) {
        rtmpe_close(h);
        return ret;
    }

    return 0;
}
yading@11 275
/**
 * Read from the underlying stream and, once the handshake is done, decrypt
 * the received bytes in place with the inbound RC4 state.
 *
 * The caller's non-blocking flag is copied onto the inner stream for the
 * duration of the read and then cleared again unconditionally.
 *
 * The data is only decrypted; no integrity check is applied to it here.
 *
 * @param h    protocol context whose priv_data is an RTMPEContext
 * @param buf  destination buffer
 * @param size capacity of buf in bytes
 * @return number of bytes read, AVERROR_EOF, or another negative error code
 */
static int rtmpe_read(URLContext *h, uint8_t *buf, int size)
{
    RTMPEContext *rt = h->priv_data;
    URLContext *inner = rt->stream;
    int nread;

    inner->flags |= h->flags & AVIO_FLAG_NONBLOCK;
    nread = ffurl_read(inner, buf, size);
    inner->flags &= ~AVIO_FLAG_NONBLOCK;

    if (nread > 0) {
        /* decrypt data received by the server */
        if (rt->handshaked)
            av_rc4_crypt(&rt->key_in, buf, buf, nread, NULL, 1);
        return nread;
    }

    /* zero, AVERROR_EOF and every other error are passed through unchanged */
    return nread;
}
yading@11 295
/**
 * Encrypt (once the handshake is done) and send a buffer on the underlying
 * stream.
 *
 * NOTE(review): buf is declared const but is passed to av_rc4_crypt() as both
 * source and destination, so the caller's buffer holds ciphertext afterwards.
 * The outbound RC4 state is also advanced before the write is attempted; if
 * ffurl_write() fails, the keystream has already moved on.
 *
 * @param h    protocol context whose priv_data is an RTMPEContext
 * @param buf  data to send
 * @param size number of bytes in buf
 * @return size on success, the negative value from ffurl_write() on failure
 */
static int rtmpe_write(URLContext *h, const uint8_t *buf, int size)
{
    RTMPEContext *rt = h->priv_data;
    int written;

    /* encrypt data to send to the server */
    if (rt->handshaked)
        av_rc4_crypt(&rt->key_out, buf, buf, size, NULL, 1);

    written = ffurl_write(rt->stream, buf, size);

    return written < 0 ? written : size;
}
yading@11 311
#define OFFSET(x) offsetof(RTMPEContext, x)
#define DEC AV_OPT_FLAG_DECODING_PARAM

/* Private options of the ffrtmpcrypt protocol: a single 0/1 switch,
 * default 0, stored in RTMPEContext.tunneling. */
static const AVOption ffrtmpcrypt_options[] = {
    {
        "ffrtmpcrypt_tunneling",
        "Use a HTTP tunneling connection (RTMPTE).",
        OFFSET(tunneling),
        AV_OPT_TYPE_INT,
        { .i64 = 0 },
        0, 1,
        DEC
    },
    { NULL },
};
yading@11 319
/* AVClass that exposes ffrtmpcrypt_options on the protocol's private data. */
static const AVClass ffrtmpcrypt_class = {
    .class_name = "ffrtmpcrypt",
    .option     = ffrtmpcrypt_options,
    .item_name  = av_default_item_name,
    .version    = LIBAVUTIL_VERSION_INT,
};
yading@11 326
/* Protocol table entry: a network protocol named "ffrtmpcrypt" whose
 * callbacks are the rtmpe_* functions of this file and whose private data
 * is an RTMPEContext. */
URLProtocol ff_ffrtmpcrypt_protocol = {
    .name            = "ffrtmpcrypt",
    .flags           = URL_PROTOCOL_FLAG_NETWORK,
    .priv_data_size  = sizeof(RTMPEContext),
    .priv_data_class = &ffrtmpcrypt_class,
    .url_open        = rtmpe_open,
    .url_read        = rtmpe_read,
    .url_write       = rtmpe_write,
    .url_close       = rtmpe_close,
};