hlsenc: Add encryption support
[libav.git] / libavformat / hlsenc.c
index caf878f..5eebec8 100644 (file)
  */
 
 #include <float.h>
+#include <stdint.h>
+
+#include <config.h>
+
+#if CONFIG_GCRYPT
+#include <gcrypt.h>
+#elif CONFIG_OPENSSL
+#include <openssl/rand.h>
+#endif
 
 #include "libavutil/mathematics.h"
 #include "libavutil/parseutils.h"
 #include "libavutil/avstring.h"
+#include "libavutil/intreadwrite.h"
 #include "libavutil/opt.h"
+#include "libavutil/random_seed.h"
 #include "libavutil/log.h"
 
 #include "avformat.h"
@@ -32,7 +43,7 @@
 
 typedef struct ListEntry {
     char  name[1024];
-    int   duration;
+    int64_t duration;     // segment duration in AV_TIME_BASE units
     struct ListEntry *next;
 } ListEntry;
 
@@ -40,22 +51,131 @@ typedef struct HLSContext {
     const AVClass *class;  // Class for private options.
     unsigned number;
     int64_t sequence;
+    int64_t start_sequence;
     AVOutputFormat *oformat;
     AVFormatContext *avf;
     float time;            // Set by a private option.
     int  size;             // Set by a private option.
     int  wrap;             // Set by a private option.
+    int  version;          // Set by a private option.
+    int  allowcache;
     int64_t recording_time;
     int has_video;
+    // The following timestamps are in AV_TIME_BASE units.
     int64_t start_pts;
     int64_t end_pts;
+    int64_t duration;      // last segment duration computed so far.
     int nb_entries;
     ListEntry *list;
     ListEntry *end_list;
     char *basename;
-    AVIOContext *pb;
+    char *baseurl;
+
+    int encrypt;           // Set by a private option.
+    char *key;             // Set by a private option.
+    int key_len;
+    char *key_url;         // Set by a private option.
+    char *iv;              // Set by a private option.
+    int iv_len;
+
+    char *key_basename;
+
+    AVDictionary *enc_opts;
 } HLSContext;
 
+
+static int randomize(uint8_t *buf, int len)
+{
+#if CONFIG_GCRYPT
+    gcry_randomize(buf, len, GCRY_VERY_STRONG_RANDOM);
+    return 0;
+#elif CONFIG_OPENSSL
+    if (RAND_bytes(buf, len))
+        return 0;
+#else
+    return AVERROR(ENOSYS);
+#endif
+}
+
+static void free_encryption(AVFormatContext *s)
+{
+    HLSContext *hls = s->priv_data;
+
+    av_dict_free(&hls->enc_opts);
+
+    av_freep(&hls->key_basename);
+}
+
+static int dict_set_bin(AVDictionary **dict, const char *key, uint8_t *buf)
+{
+    char hex[33];
+
+    ff_data_to_hex(hex, buf, sizeof(buf), 0);
+    hex[32] = '\0';
+
+    return av_dict_set(dict, key, hex, 0);
+}
+
+static int setup_encryption(AVFormatContext *s)
+{
+    HLSContext *hls = s->priv_data;
+    AVIOContext *out = NULL;
+    int len, ret;
+    uint8_t buf[16];
+    uint8_t *k;
+
+    len = strlen(hls->basename) + 4 + 1;
+    hls->key_basename = av_mallocz(len);
+    if (!hls->key_basename)
+        return AVERROR(ENOMEM);
+
+    av_strlcpy(hls->key_basename, hls->basename + 7, len);
+    av_strlcat(hls->key_basename, ".key", len);
+
+    if (hls->key) {
+        if (hls->key_len != 16) {
+            av_log(s, AV_LOG_ERROR,
+                   "Invalid key size %d, expected 16-bytes hex-coded key\n",
+                   hls->key_len);
+            return AVERROR(EINVAL);
+        }
+
+        if ((ret = dict_set_bin(&hls->enc_opts, "key", hls->key)) < 0)
+            return ret;
+        k = hls->key;
+    } else {
+        if ((ret = randomize(buf, sizeof(buf))) < 0) {
+            av_log(s, AV_LOG_ERROR, "Cannot generate a strong random key\n");
+            return ret;
+        }
+
+        if ((ret = dict_set_bin(&hls->enc_opts, "key", buf)) < 0)
+            return ret;
+        k = buf;
+    }
+
+    if (hls->iv) {
+        if (hls->iv_len != 16) {
+            av_log(s, AV_LOG_ERROR,
+                   "Invalid key size %d, expected 16-bytes hex-coded initialization vector\n",
+                   hls->iv_len);
+            return AVERROR(EINVAL);
+        }
+
+        if ((ret = dict_set_bin(&hls->enc_opts, "iv", hls->iv)) < 0)
+            return ret;
+    }
+
+    if ((ret = s->io_open(s, &out, hls->key_basename, AVIO_FLAG_WRITE, NULL)) < 0)
+        return ret;
+
+    avio_write(out, k, 16);
+
+    avio_close(out);
+
+    return 0;
+}
+
 static int hls_mux_init(AVFormatContext *s)
 {
     HLSContext *hls = s->priv_data;
@@ -68,19 +188,23 @@ static int hls_mux_init(AVFormatContext *s)
 
     oc->oformat            = hls->oformat;
     oc->interrupt_callback = s->interrupt_callback;
+    oc->opaque             = s->opaque;
+    oc->io_open            = s->io_open;
+    oc->io_close           = s->io_close;
 
     for (i = 0; i < s->nb_streams; i++) {
         AVStream *st;
         if (!(st = avformat_new_stream(oc, NULL)))
             return AVERROR(ENOMEM);
-        avcodec_copy_context(st->codec, s->streams[i]->codec);
+        avcodec_parameters_copy(st->codecpar, s->streams[i]->codecpar);
         st->sample_aspect_ratio = s->streams[i]->sample_aspect_ratio;
+        st->time_base = s->streams[i]->time_base;
     }
 
     return 0;
 }
 
-static int append_entry(HLSContext *hls, uint64_t duration)
+static int append_entry(HLSContext *hls, int64_t duration)
 {
     ListEntry *en = av_malloc(sizeof(*en));
 
@@ -126,11 +250,14 @@ static int hls_window(AVFormatContext *s, int last)
 {
     HLSContext *hls = s->priv_data;
     ListEntry *en;
-    int target_duration = 0;
+    int64_t target_duration = 0;
     int ret = 0;
+    AVIOContext *out = NULL;
+    char temp_filename[1024];
+    int64_t sequence = FFMAX(hls->start_sequence, hls->sequence - hls->size);
 
-    if ((ret = avio_open2(&hls->pb, s->filename, AVIO_FLAG_WRITE,
-                          &s->interrupt_callback, NULL)) < 0)
+    snprintf(temp_filename, sizeof(temp_filename), "%s.tmp", s->filename);
+    if ((ret = s->io_open(s, &out, temp_filename, AVIO_FLAG_WRITE, NULL)) < 0)
         goto fail;
 
     for (en = hls->list; en; en = en->next) {
@@ -138,22 +265,56 @@ static int hls_window(AVFormatContext *s, int last)
             target_duration = en->duration;
     }
 
-    avio_printf(hls->pb, "#EXTM3U\n");
-    avio_printf(hls->pb, "#EXT-X-VERSION:3\n");
-    avio_printf(hls->pb, "#EXT-X-TARGETDURATION:%d\n", target_duration);
-    avio_printf(hls->pb, "#EXT-X-MEDIA-SEQUENCE:%"PRId64"\n",
-                FFMAX(0, hls->sequence - hls->size));
+    avio_printf(out, "#EXTM3U\n");
+    avio_printf(out, "#EXT-X-VERSION:%d\n", hls->version);
+    if (hls->allowcache == 0 || hls->allowcache == 1) {
+        avio_printf(out, "#EXT-X-ALLOW-CACHE:%s\n", hls->allowcache == 0 ? "NO" : "YES");
+    }
+    avio_printf(out, "#EXT-X-TARGETDURATION:%"PRId64"\n",
+                av_rescale_rnd(target_duration, 1, AV_TIME_BASE,
+                               AV_ROUND_UP));
+    avio_printf(out, "#EXT-X-MEDIA-SEQUENCE:%"PRId64"\n", sequence);
+
+    av_log(s, AV_LOG_VERBOSE, "EXT-X-MEDIA-SEQUENCE:%"PRId64"\n",
+           sequence);
 
     for (en = hls->list; en; en = en->next) {
-        avio_printf(hls->pb, "#EXTINF:%d,\n", en->duration);
-        avio_printf(hls->pb, "%s\n", en->name);
+        if (hls->encrypt) {
+            char *key_url;
+
+            if (hls->key_url)
+                key_url = hls->key_url;
+            else
+                key_url = hls->baseurl;
+
+            avio_printf(out, "#EXT-X-KEY:METHOD=AES-128");
+            avio_printf(out, ",URI=\"");
+            if (key_url)
+                avio_printf(out, "%s", key_url);
+            avio_printf(out, "%s\"", av_basename(hls->key_basename));
+            if (hls->iv)
+                avio_printf(out, ",IV=\"0x%s\"", hls->iv);
+            avio_printf(out, "\n");
+        }
+
+        if (hls->version > 2)
+            avio_printf(out, "#EXTINF:%f\n",
+                        (double)en->duration / AV_TIME_BASE);
+        else
+            avio_printf(out, "#EXTINF:%"PRId64",\n",
+                        av_rescale(en->duration, 1, AV_TIME_BASE));
+        if (hls->baseurl)
+            avio_printf(out, "%s", hls->baseurl);
+        avio_printf(out, "%s\n", en->name);
     }
 
     if (last)
-        avio_printf(hls->pb, "#EXT-X-ENDLIST\n");
+        avio_printf(out, "#EXT-X-ENDLIST\n");
 
 fail:
-    avio_closep(&hls->pb);
+    ff_format_io_close(s, &out);
+    if (ret >= 0)
+        ff_rename(temp_filename, s->filename);
     return ret;
 }
 
@@ -162,40 +323,90 @@ static int hls_start(AVFormatContext *s)
     HLSContext *c = s->priv_data;
     AVFormatContext *oc = c->avf;
     int err = 0;
+    AVDictionary *opts = NULL;
 
-    if (c->wrap)
-        c->number %= c->wrap;
 
     if (av_get_frame_filename(oc->filename, sizeof(oc->filename),
-                              c->basename, c->number++) < 0)
+                              c->basename, c->wrap ? c->sequence % c->wrap : c->sequence) < 0)
         return AVERROR(EINVAL);
+    c->number++;
+
+    if (c->encrypt) {
+        if ((err = av_dict_copy(&opts, c->enc_opts, 0)) < 0)
+            return err;
+        if (!c->iv) {
+            uint8_t iv[16] = { 0 };
+            char buf[33];
+
+            AV_WB64(iv + 8, c->sequence);
+            ff_data_to_hex(buf, iv, sizeof(iv), 0);
+            buf[32] = '\0';
+
+            if ((err = av_dict_set(&opts, "iv", buf, 0)) < 0)
+                goto fail;
+        }
+    }
 
-    if ((err = avio_open2(&oc->pb, oc->filename, AVIO_FLAG_WRITE,
-                          &s->interrupt_callback, NULL)) < 0)
+    if ((err = s->io_open(s, &oc->pb, oc->filename, AVIO_FLAG_WRITE, &opts)) < 0)
         return err;
 
     if (oc->oformat->priv_class && oc->priv_data)
         av_opt_set(oc->priv_data, "mpegts_flags", "resend_headers", 0);
 
-    return 0;
+fail:
+    av_dict_free(&opts);
+
+    return err;
 }
 
-static int hls_write_header(AVFormatContext *s)
+static int hls_setup(AVFormatContext *s)
 {
     HLSContext *hls = s->priv_data;
-    int ret, i;
-    char *p;
     const char *pattern = "%d.ts";
     int basename_size = strlen(s->filename) + strlen(pattern) + 1;
+    char *p;
+
+    if (hls->encrypt)
+        basename_size += 7;
+
+    hls->basename = av_mallocz(basename_size);
+    if (!hls->basename)
+        return AVERROR(ENOMEM);
+
+    // TODO: support protocol nesting?
+    if (hls->encrypt)
+        strcpy(hls->basename, "crypto:");
+
+    av_strlcat(hls->basename, s->filename, basename_size);
+
+    p = strrchr(hls->basename, '.');
+
+    if (p)
+        *p = '\0';
+
+    if (hls->encrypt) {
+        int ret = setup_encryption(s);
+        if (ret < 0)
+            return ret;
+    }
+
+    av_strlcat(hls->basename, pattern, basename_size);
 
-    hls->number      = 0;
+    return 0;
+}
 
+static int hls_write_header(AVFormatContext *s)
+{
+    HLSContext *hls = s->priv_data;
+    int ret, i;
+
+    hls->sequence       = hls->start_sequence;
     hls->recording_time = hls->time * AV_TIME_BASE;
     hls->start_pts      = AV_NOPTS_VALUE;
 
     for (i = 0; i < s->nb_streams; i++)
         hls->has_video +=
-            s->streams[i]->codec->codec_type == AVMEDIA_TYPE_VIDEO;
+            s->streams[i]->codecpar->codec_type == AVMEDIA_TYPE_VIDEO;
 
     if (hls->has_video > 1)
         av_log(s, AV_LOG_WARNING,
@@ -209,21 +420,8 @@ static int hls_write_header(AVFormatContext *s)
         goto fail;
     }
 
-    hls->basename = av_malloc(basename_size);
-
-    if (!hls->basename) {
-        ret = AVERROR(ENOMEM);
+    if ((ret = hls_setup(s)) < 0)
         goto fail;
-    }
-
-    strcpy(hls->basename, s->filename);
-
-    p = strrchr(hls->basename, '.');
-
-    if (p)
-        *p = '\0';
-
-    av_strlcat(hls->basename, pattern, basename_size);
 
     if ((ret = hls_mux_init(s)) < 0)
         goto fail;
@@ -240,6 +438,8 @@ fail:
         av_free(hls->basename);
         if (hls->avf)
             avformat_free_context(hls->avf);
+
+        free_encryption(s);
     }
     return ret;
 }
@@ -250,30 +450,33 @@ static int hls_write_packet(AVFormatContext *s, AVPacket *pkt)
     AVFormatContext *oc = hls->avf;
     AVStream *st = s->streams[pkt->stream_index];
     int64_t end_pts = hls->recording_time * hls->number;
+    int64_t pts     = av_rescale_q(pkt->pts, st->time_base, AV_TIME_BASE_Q);
     int ret, can_split = 1;
 
     if (hls->start_pts == AV_NOPTS_VALUE) {
-        hls->start_pts = pkt->pts;
-        hls->end_pts   = pkt->pts;
+        hls->start_pts = pts;
+        hls->end_pts   = pts;
     }
 
     if (hls->has_video) {
-        can_split = st->codec->codec_type == AVMEDIA_TYPE_VIDEO &&
+        can_split = st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO &&
                     pkt->flags & AV_PKT_FLAG_KEY;
     }
+    if (pkt->pts == AV_NOPTS_VALUE)
+        can_split = 0;
+    else
+        hls->duration = pts - hls->end_pts;
 
-    if (can_split && av_compare_ts(pkt->pts - hls->start_pts, st->time_base,
-                                   end_pts, AV_TIME_BASE_Q) >= 0) {
-        ret = append_entry(hls, av_rescale(pkt->pts - hls->end_pts,
-                                           st->time_base.num,
-                                           st->time_base.den));
+    if (can_split && pts - hls->start_pts >= end_pts) {
+        ret = append_entry(hls, hls->duration);
         if (ret)
             return ret;
 
-        hls->end_pts = pkt->pts;
+        hls->end_pts = pts;
+        hls->duration = 0;
 
         av_write_frame(oc, NULL); /* Flush any buffered data */
-        avio_close(oc->pb);
+        ff_format_io_close(s, &oc->pb);
 
         ret = hls_start(s);
 
@@ -297,23 +500,31 @@ static int hls_write_trailer(struct AVFormatContext *s)
     AVFormatContext *oc = hls->avf;
 
     av_write_trailer(oc);
-    avio_closep(&oc->pb);
+    ff_format_io_close(s, &oc->pb);
     avformat_free_context(oc);
     av_free(hls->basename);
+    append_entry(hls, hls->duration);
     hls_window(s, 1);
 
     free_entries(hls);
-    avio_close(hls->pb);
+    free_encryption(s);
     return 0;
 }
 
 #define OFFSET(x) offsetof(HLSContext, x)
 #define E AV_OPT_FLAG_ENCODING_PARAM
 static const AVOption options[] = {
-    {"start_number",  "first number in the sequence",            OFFSET(sequence),AV_OPT_TYPE_INT64,  {.i64 = 0},     0, INT64_MAX, E},
+    {"start_number",  "first number in the sequence",            OFFSET(start_sequence),AV_OPT_TYPE_INT64,  {.i64 = 0},     0, INT64_MAX, E},
     {"hls_time",      "segment length in seconds",               OFFSET(time),    AV_OPT_TYPE_FLOAT,  {.dbl = 2},     0, FLT_MAX, E},
     {"hls_list_size", "maximum number of playlist entries",      OFFSET(size),    AV_OPT_TYPE_INT,    {.i64 = 5},     0, INT_MAX, E},
     {"hls_wrap",      "number after which the index wraps",      OFFSET(wrap),    AV_OPT_TYPE_INT,    {.i64 = 0},     0, INT_MAX, E},
+    {"hls_allow_cache", "explicitly set whether the client MAY (1) or MUST NOT (0) cache media segments", OFFSET(allowcache), AV_OPT_TYPE_INT, {.i64 = -1}, INT_MIN, INT_MAX, E},
+    {"hls_base_url",  "url to prepend to each playlist entry",   OFFSET(baseurl), AV_OPT_TYPE_STRING, {.str = NULL},  0, 0,       E},
+    {"hls_version",   "protocol version",                        OFFSET(version), AV_OPT_TYPE_INT,    {.i64 = 3},     2, 3, E},
+    {"hls_enc",       "AES128 encryption support",               OFFSET(encrypt), AV_OPT_TYPE_INT,    {.i64 = 0},     0, 1, E},
+    {"hls_enc_key",   "use the specified hex-coded 16byte key to encrypt the segments",  OFFSET(key), AV_OPT_TYPE_BINARY, .flags = E},
+    {"hls_enc_key_url", "url to access the key to decrypt the segments",    OFFSET(key_url), AV_OPT_TYPE_STRING, {.str = NULL},  0, 0, E},
+    {"hls_enc_iv",     "use the specified hex-coded 16byte initialization vector",  OFFSET(iv), AV_OPT_TYPE_BINARY, .flags = E},
     { NULL },
 };
 
@@ -330,8 +541,8 @@ AVOutputFormat ff_hls_muxer = {
     .long_name      = NULL_IF_CONFIG_SMALL("Apple HTTP Live Streaming"),
     .extensions     = "m3u8",
     .priv_data_size = sizeof(HLSContext),
-    .audio_codec    = AV_CODEC_ID_MP2,
-    .video_codec    = AV_CODEC_ID_MPEG2VIDEO,
+    .audio_codec    = AV_CODEC_ID_AAC,
+    .video_codec    = AV_CODEC_ID_H264,
     .flags          = AVFMT_NOFILE | AVFMT_ALLOW_FLUSH,
     .write_header   = hls_write_header,
     .write_packet   = hls_write_packet,