1 /*
2 * TLS/DTLS/SSL Protocol
3 * Copyright (c) 2011 Martin Storsjo
4 * Copyright (c) 2025 Jack Lau
5 *
6 * This file is part of FFmpeg.
7 *
8 * FFmpeg is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
12 *
13 * FFmpeg is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with FFmpeg; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21 */
22
23 #ifndef AVFORMAT_TLS_H
24 #define AVFORMAT_TLS_H
25
26 #include "libavutil/bprint.h"
27 #include "libavutil/opt.h"
28 #include "version.h"
29
30 #include "url.h"
31
32 /**
33 * Maximum size of a certificate or a private key.
34 */
35 #define MAX_CERTIFICATE_SIZE 8192
36
/**
 * Option values and connection state used by the TLS/DTLS protocol code.
 *
 * Members that appear in FF_TLS_CLIENT_OPTIONS / TLS_COMMON_OPTIONS below are
 * filled in through AVOptions; the option names and help texts are repeated
 * next to each member. Members without an option are not set anywhere in this
 * header, so their comments are marked as assumptions.
 */
37 typedef struct TLSShared {
38 const AVClass *class;
39 char *ca_file; /* "ca_file"/"cafile": Certificate Authority database file */
40 int verify; /* "tls_verify"/"verify": verify the peer certificate; default is TLS_VERIFY_DEFAULT */
41 char *cert_file; /* "cert_file"/"cert": certificate file */
42 char *key_file; /* "key_file"/"key": private key file */
43 int listen; /* "listen": listen for incoming connections (0 or 1) */
44
45 char *host; /* "verifyhost": verify against a specific hostname */
46 char *http_proxy; /* "http_proxy": proxy to tunnel through */
47
48 char underlying_host[200]; /* fixed 200-byte buffer; presumably the host of the underlying connection - confirm that writers bound their copy to sizeof */
49 int numerichost; /* NOTE(review): presumably nonzero when the host is a numeric address - confirm */
50
51 int external_sock; /* "external_sock": use external socket */
52 URLContext *udp; /* presumably the underlying UDP transport (DTLS) - confirm */
53 URLContext *tcp; /* presumably the underlying TCP transport (TLS) - confirm */
54
55 int is_dtls; /* no option maps to this member; presumably set by the protocol code - confirm */
56 int use_srtp; /* "use_srtp": enable use_srtp DTLS extension */
57
58 /* The certificate and private key content used for DTLS handshake */
59 char* cert_buf; /* "cert_pem": certificate PEM string */
60 char* key_buf; /* "key_pem": private key PEM string, i.e. secret material held as an ordinary string */
61
62 /**
63 * The size of RTP packet, should generally be set to MTU.
64 * Note that pion requires a smaller value, for example, 1200.
65 */
66 int mtu; /* "mtu" option: default 0, range 0..INT_MAX */
67 } TLSShared;
68
/* Flags applied to every TLS option below: both decoding and encoding parameter. */
69 #define TLS_OPTFL (AV_OPT_FLAG_DECODING_PARAM | AV_OPT_FLAG_ENCODING_PARAM)
70
/*
 * Default value of the "tls_verify"/"verify" options ("Verify the peer
 * certificate"). While FF_API_NO_DEFAULT_TLS_VERIFY is nonzero the option
 * defaults to 0 (off); otherwise it defaults to 1 (on). Callers that need an
 * authenticated peer should set the option explicitly instead of relying on
 * the default selected here.
 * NOTE(review): FF_API_NO_DEFAULT_TLS_VERIFY is presumably defined in
 * version.h, which this header includes - confirm.
 */
71 #if FF_API_NO_DEFAULT_TLS_VERIFY
72 #define TLS_VERIFY_DEFAULT 0
73 #else
74 #define TLS_VERIFY_DEFAULT 1
75 #endif
76
/**
 * AVOption entries for the CA, verification, certificate, key and hostname
 * members of an embedded options struct (presumably a TLSShared).
 *
 * @param pstruct        type of the struct that contains options_field
 * @param options_field  member of pstruct whose ca_file, verify, cert_file,
 *                       key_file and host members receive the option values
 *
 * Every option except "verifyhost" is listed under two names that store into
 * the same member (for example "ca_file" and "cafile"). "tls_verify" and
 * "verify" are booleans whose default is TLS_VERIFY_DEFAULT. The expansion
 * ends without a trailing comma.
 */
77 #define FF_TLS_CLIENT_OPTIONS(pstruct, options_field) \
78 {"ca_file", "Certificate Authority database file", offsetof(pstruct, options_field . ca_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
79 {"cafile", "Certificate Authority database file", offsetof(pstruct, options_field . ca_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
80 {"tls_verify", "Verify the peer certificate", offsetof(pstruct, options_field . verify), AV_OPT_TYPE_BOOL, { .i64 = TLS_VERIFY_DEFAULT }, 0, 1, .flags = TLS_OPTFL }, \
81 {"verify", "Verify the peer certificate", offsetof(pstruct, options_field . verify), AV_OPT_TYPE_BOOL, { .i64 = TLS_VERIFY_DEFAULT }, 0, 1, .flags = TLS_OPTFL }, \
82 {"cert_file", "Certificate file", offsetof(pstruct, options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
83 {"cert", "Certificate file", offsetof(pstruct, options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
84 {"key_file", "Private key file", offsetof(pstruct, options_field . key_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
85 {"key", "Private key file", offsetof(pstruct, options_field . key_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
86 {"verifyhost", "Verify against a specific hostname", offsetof(pstruct, options_field . host), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }
87
/**
 * AVOption entries for the listen, proxy, external socket, SRTP, MTU and
 * in-memory PEM members, followed by FF_TLS_CLIENT_OPTIONS for the same
 * pstruct/options_field pair.
 *
 * @param pstruct        type of the struct that contains options_field
 * @param options_field  member of pstruct that receives the option values
 *
 * "cert_pem" and "key_pem" are described as PEM strings, whereas "cert_file"
 * and "key_file" are described as files, so the private key can arrive as the
 * option value itself.
 * NOTE(review): "key_pem" is secret material stored in an ordinary string
 * option - confirm that it is not printed or serialized together with other
 * option values.
 * "listen" is declared AV_OPT_TYPE_INT limited to 0..1, while the other
 * switches here are AV_OPT_TYPE_BOOL.
 */
88 #define TLS_COMMON_OPTIONS(pstruct, options_field) \
89 {"listen", "Listen for incoming connections", offsetof(pstruct, options_field . listen), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
90 {"http_proxy", "Set proxy to tunnel through", offsetof(pstruct, options_field . http_proxy), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
91 {"external_sock", "Use external socket", offsetof(pstruct, options_field . external_sock), AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
92 {"use_srtp", "Enable use_srtp DTLS extension", offsetof(pstruct, options_field . use_srtp), AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
93 {"mtu", "Maximum Transmission Unit", offsetof(pstruct, options_field . mtu), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, INT_MAX, .flags = TLS_OPTFL}, \
94 {"cert_pem", "Certificate PEM string", offsetof(pstruct, options_field . cert_buf), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
95 {"key_pem", "Private key PEM string", offsetof(pstruct, options_field . key_buf), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
96 FF_TLS_CLIENT_OPTIONS(pstruct, options_field)
97
/*
 * Functions declared here are defined outside this header. The notes below
 * state only what the signatures show; anything else is marked as an
 * assumption to confirm against the implementation.
 */

/* Takes the shared state c, the parent URLContext, a URI and an options
 * dictionary. Presumably opens the transport underneath the TLS layer -
 * confirm. */
98 int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options);
99
/* Takes a URL and an AVBPrint. Presumably reads the whole resource into bp -
 * confirm, including the upper bound on how much is read. */
100 int ff_url_read_all(const char *url, AVBPrint *bp);
101
/* Takes the TLS URLContext h and another URLContext sock. Presumably pairs
 * with the "external_sock" option - confirm. */
102 int ff_tls_set_external_socket(URLContext *h, URLContext *sock);
103
/* The caller supplies the output buffer dtls_srtp_materials and its size
 * materials_sz. NOTE(review): the output is presumably SRTP keying material
 * and should be handled as a secret - confirm. */
104 int ff_dtls_export_materials(URLContext *h, char *dtls_srtp_materials, size_t materials_sz);
105
/* The caller supplies key_buf/key_sz and cert_buf/cert_sz as output buffers
 * with explicit sizes; fingerprint is an output pointer.
 * NOTE(review): who frees *fingerprint is not stated here - confirm.
 * key_url and cert_url are not const-qualified. */
106 int ff_ssl_read_key_cert(char *key_url, char *cert_url, char *key_buf, size_t key_sz, char *cert_buf, size_t cert_sz, char **fingerprint);
107
/* Same buffer and fingerprint parameters as ff_ssl_read_key_cert, without
 * the URLs. Presumably generates a new key and certificate - confirm. */
108 int ff_ssl_gen_key_cert(char *key_buf, size_t key_sz, char *cert_buf, size_t cert_sz, char **fingerprint);
109
/* Backend init/deinit pairs. The GnuTLS init returns void and so cannot
 * report failure to the caller; the OpenSSL init returns int. */
110 void ff_gnutls_init(void);
111 void ff_gnutls_deinit(void);
112
113 int ff_openssl_init(void);
114 void ff_openssl_deinit(void);
115
116 #endif /* AVFORMAT_TLS_H */