Browse code
avformat/hlsenc: allow dynamic encryption key rotation
Makes behaviour of 805ce25b1d2f optional, re-enables
HLS key rotation feature
Reviewed-by: Steven Liu <lq@onvideo.cn>
Signed-off-by: DHE <git@dehacked.net>
DeHackEd authored on 2017/08/06 16:10:35Showing 2 changed files
| ... | ... |
@@ -551,7 +551,7 @@ format. The optional third line specifies the initialization vector (IV) as a |
| 551 | 551 |
hexadecimal string to be used instead of the segment sequence number (default) |
| 552 | 552 |
for encryption. Changes to @var{key_info_file} will result in segment
|
| 553 | 553 |
encryption with the new key/IV and an entry in the playlist for the new key |
| 554 |
-URI/IV. |
|
| 554 |
+URI/IV if @code{hls_flags periodic_rekey} is enabled.
|
|
| 555 | 555 |
|
| 556 | 556 |
Key info file format: |
| 557 | 557 |
@example |
| ... | ... |
@@ -665,6 +665,11 @@ first segment's information. |
| 665 | 665 |
@item omit_endlist |
| 666 | 666 |
Do not append the @code{EXT-X-ENDLIST} tag at the end of the playlist.
|
| 667 | 667 |
|
| 668 |
+@item periodic_rekey |
|
| 669 |
+The file specified by @code{hls_key_info_file} will be checked periodically and
|
|
| 670 |
+detect updates to the encryption info. Be sure to replace this file atomically, |
|
| 671 |
+including the file containing the AES encryption key. |
|
| 672 |
+ |
|
| 668 | 673 |
@item split_by_time |
| 669 | 674 |
Allow segments to start on frames other than keyframes. This improves |
| 670 | 675 |
behavior on some players when the time between keyframes is inconsistent, |
| ... | ... |
@@ -85,6 +85,7 @@ typedef enum HLSFlags {
|
| 85 | 85 |
HLS_SECOND_LEVEL_SEGMENT_DURATION = (1 << 9), // include segment duration (microsec) in segment filenames when use_localtime e.g.: %%09t |
| 86 | 86 |
HLS_SECOND_LEVEL_SEGMENT_SIZE = (1 << 10), // include segment size (bytes) in segment filenames when use_localtime e.g.: %%014s |
| 87 | 87 |
HLS_TEMP_FILE = (1 << 11), |
| 88 |
+ HLS_PERIODIC_REKEY = (1 << 12), |
|
| 88 | 89 |
} HLSFlags; |
| 89 | 90 |
|
| 90 | 91 |
typedef enum {
|
| ... | ... |
@@ -1236,7 +1237,7 @@ static int hls_start(AVFormatContext *s) |
| 1236 | 1236 |
" will use -hls_key_info_file priority\n"); |
| 1237 | 1237 |
} |
| 1238 | 1238 |
|
| 1239 |
- if (c->number <= 1) {
|
|
| 1239 |
+ if (c->number <= 1 || (c->flags & HLS_PERIODIC_REKEY)) {
|
|
| 1240 | 1240 |
if (c->key_info_file) {
|
| 1241 | 1241 |
if ((err = hls_encryption_start(s)) < 0) |
| 1242 | 1242 |
goto fail; |
| ... | ... |
@@ -1804,6 +1805,7 @@ static const AVOption options[] = {
|
| 1804 | 1804 |
{"second_level_segment_index", "include segment index in segment filenames when use_localtime", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_SECOND_LEVEL_SEGMENT_INDEX }, 0, UINT_MAX, E, "flags"},
|
| 1805 | 1805 |
{"second_level_segment_duration", "include segment duration in segment filenames when use_localtime", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_SECOND_LEVEL_SEGMENT_DURATION }, 0, UINT_MAX, E, "flags"},
|
| 1806 | 1806 |
{"second_level_segment_size", "include segment size in segment filenames when use_localtime", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_SECOND_LEVEL_SEGMENT_SIZE }, 0, UINT_MAX, E, "flags"},
|
| 1807 |
+ {"periodic_rekey", "reload keyinfo file periodically for re-keying", 0, AV_OPT_TYPE_CONST, {.i64 = HLS_PERIODIC_REKEY }, 0, UINT_MAX, E, "flags"},
|
|
| 1807 | 1808 |
{"use_localtime", "set filename expansion with strftime at segment creation", OFFSET(use_localtime), AV_OPT_TYPE_BOOL, {.i64 = 0 }, 0, 1, E },
|
| 1808 | 1809 |
{"use_localtime_mkdir", "create last directory component in strftime-generated filename", OFFSET(use_localtime_mkdir), AV_OPT_TYPE_BOOL, {.i64 = 0 }, 0, 1, E },
|
| 1809 | 1810 |
{"hls_playlist_type", "set the HLS playlist type", OFFSET(pl_type), AV_OPT_TYPE_INT, {.i64 = PLAYLIST_TYPE_NONE }, 0, PLAYLIST_TYPE_NB-1, E, "pl_type" },
|