Digest(MD5, SHA-256) authentication when connecting to RTSP from GstRtspServer

Please provide complete information as applicable to your setup.

• Hardware Platform (Jetson / GPU)
Jetson Orin NX
• DeepStream Version
6.2
• JetPack Version (valid for Jetson only)
5.3.1
• TensorRT Version
8.5.2
• NVIDIA GPU Driver Version (valid for GPU only)
• Issue Type( questions, new requirements, bugs)
questions
• How to reproduce the issue ? (This is for bugs. Including which sample app is using, the configuration files content, the command line used and other details for reproducing)
• Requirement details( This is for new requirement. Including the module name-for which plugin or for which sample application, the function description)

Hello, I have written an rtspserver that performs digest authentication using python as shown below. The stream receives RTP transmitted internally and serves video.

#!/usr/bin/env python

import gi
import sys
import os

gi.require_version('Gst', '1.0')
gi.require_version('GstRtspServer', '1.0')
from gi.repository import Gst, GstRtspServer, GObject, GLib, Gio

# Initialize GStreamer
Gst.init(None)

# Enable debugging
#Gst.debug_set_active(True)
#Gst.debug_set_default_threshold(Gst.DebugLevel.DEBUG)

class RTSPServer:
    def __init__(self):
        self.server = GstRtspServer.RTSPServer.new()
        self.server.set_service('554')
        
        username = 'admin'
        password = 'pass'
        
        self.auth = GstRtspServer.RTSPAuth()
        self.auth.set_supported_methods(2)        
        
        self.token = GstRtspServer.RTSPToken()
               
        self.token.set_string('media.factory.role', username)
        self.auth.add_digest(username, password, self.token) 

        # Set RTSP server authentication
        self.server.set_auth(self.auth)
        
        self.permissions = GstRtspServer.RTSPPermissions()
        self.permissions.add_role(username)
        self.permissions.add_permission_for_role(username, "media.factory.access", True)
        self.permissions.add_permission_for_role(username, "media.factory.construct", True)

        self.factory1 = GstRtspServer.RTSPMediaFactory.new()
        self.factory1.set_permissions(self.permissions)
        self.factory1.set_launch('( udpsrc port=6001 caps="application/x-rtp" ! rtph264depay ! h264parse ! rtph264pay name=pay0 pt=96 )')
        self.factory1.set_shared(True)  # Allow multiple clients to connect

        self.factory2 = GstRtspServer.RTSPMediaFactory.new()
        self.factory2.set_permissions(self.permissions)
        self.factory2.set_launch('( udpsrc port=6004 caps="application/x-rtp" ! rtph264depay ! h264parse ! rtph264pay name=pay0 pt=96 )')
        self.factory2.set_shared(True)  # Allow multiple clients to connect

        self.mounts = self.server.get_mount_points()
        
        self.mounts.add_factory('/Stream1', self.factory1)
        self.mounts.add_factory('/Stream2', self.factory2)
        
        self.server.attach(None)
        print("RTSP server is attached and running")

if __name__ == '__main__':
    loop = GLib.MainLoop()
    server = RTSPServer()
    print('RTSP server is running at rtsp://<IP_ADDRESS>/Stream1 and rtsp://<IP_ADDRESS>/Stream2')
    try:
        loop.run()
    except KeyboardInterrupt:
        loop.quit()

When connecting to rtsp using vlc, authentication is possible with ID and password, but if you check the wireshark message below, only digest basic authentication is performed, and “MD5” or “SHA-256” do not work.

Real Time Streaming Protocol
    Response: RTSP/1.0 401 Unauthorized\r\n
    CSeq: 6\r\n
    WWW-Authenticate: Digest realm="GStreamer RTSP Server", nonce="eaa6c34e2102bd9e"\r\n
    Server: GStreamer RTSP server\r\n
    Date: Tue, 04 Jun 2024 04:38:56 GMT\r\n
    \r\n

If you connect to rtsp using vlc from another general IP camera, you can see that “MD5” or “SHA-256” is supported in the wireshark message below.

Real Time Streaming Protocol
    Response: RTSP/1.0 401 Unauthorized\r\n
    CSeq: 3\r\n
    Date: Tue, Jun 04 2024 13:28:09 GMT\r\n
    WWW-Authenticate: Digest realm="LIVE555 Streaming Media", domain="video1", qop="auth", nonce="44f19cd397349d35dcd0b0cf2ff46dfa", opaque="", algorithm="SHA-256", stale="FALSE"\r\n
    WWW-Authenticate: Digest realm="LIVE555 Streaming Media", domain="video1", qop="auth", nonce="44f19cd397349d35dcd0b0cf2ff46dfa", opaque="", algorithm="MD5", stale="FALSE"\r\n
    WWW-Authenticate: Digest realm="LIVE555 Streaming Media", nonce="44f19cd397349d35dcd0b0cf2ff46dfa"\r\n
    \r\n

The question I have for you is:

  1. I would like to support “MD5” and “SHA-256” authentication in the rtspserver I wrote. How can I do this?

  2. I am curious as to why the basic authentication of the rtspserver I wrote has a nonce length of 16 bytes, but the nonce length of other general IP cameras is 32 bytes.

rtspserver is Gstreamer opensource plugin. the two questions would be outside of DeepStream. please check the GStreamer code. Thanks!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.