author | Gregory Nietsky <gregory@distrotech.co.za> | 2011-09-20 16:56:11 +0000 |
---|---|---|
committer | Gregory Nietsky <gregory@distrotech.co.za> | 2011-09-20 16:56:11 +0000 |
commit | 8493c463088657a9f00e54c9b9d7c06d3ad881a2 (patch) | |
tree | 8fc95035007f64bc0728c642f5475605be022b9f /channels/chan_sip.c | |
parent | 14d3f891e0cd8985ce7305dff62d134edfabd02f (diff) |
Merged revisions 336936 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/10
........
r336936 | irroot | 2011-09-20 18:51:59 +0200 (Tue, 20 Sep 2011) | 14 lines
Allow Setting Auth Tag Bit length Based on invite or config option
Update the SIP SRTP API to allow use of 32 or 80 bit taglen.
Currently only 80 bit is supported.
The outgoing invite will use the taglen of the incoming invite preventing
one-way audio.
(Closes issue ASTERISK-17895)
Review: https://reviewboard.asterisk.org/r/1173/
........
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@336937 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'channels/chan_sip.c')
-rw-r--r-- | channels/chan_sip.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index f226b1c56..3d64c8493 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -11127,14 +11127,25 @@ static void get_our_media_address(struct sip_pvt *p, int needvideo, int needtext
 }
 }
-static void get_crypto_attrib(struct sip_srtp *srtp, const char **a_crypto)
+static void get_crypto_attrib(struct sip_pvt *p, struct sip_srtp *srtp, const char **a_crypto)
 {
+ int taglen = 80;
+
 /* Set encryption properties */
 if (srtp) {
 if (!srtp->crypto) {
 srtp->crypto = sdp_crypto_setup();
 }
- if (srtp->crypto && (sdp_crypto_offer(srtp->crypto) >= 0)) {
+
+ /* set the key length based on INVITE or settings */
+ if (ast_test_flag(srtp, SRTP_CRYPTO_TAG_80)) {
+ taglen = 80;
+ } else if (ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TAG_32) ||
+ ast_test_flag(srtp, SRTP_CRYPTO_TAG_32)) {
+ taglen = 32;
+ }
+
+ if (srtp->crypto && (sdp_crypto_offer(srtp->crypto, taglen) >= 0)) {
 *a_crypto = sdp_crypto_attrib(srtp->crypto);
 }
@@ -11302,7 +11313,7 @@ static enum sip_result add_sdp(struct sip_request *resp, struct sip_pvt *p, int
 /* Ok, we need video. Let's add what we need for video and set codecs. Video is handled differently than audio since we can not transcode. */
 if (needvideo) {
- get_crypto_attrib(p->vsrtp, &v_a_crypto);
+ get_crypto_attrib(p, p->vsrtp, &v_a_crypto);
 ast_str_append(&m_video, 0, "m=video %d RTP/%s", ast_sockaddr_port(&vdest), v_a_crypto ? "SAVP" : "AVP");
@@ -11319,7 +11330,7 @@ static enum sip_result add_sdp(struct sip_request *resp, struct sip_pvt *p, int
 if (needtext) {
 if (sipdebug_text) ast_verbose("Lets set up the text sdp\n");
- get_crypto_attrib(p->tsrtp, &t_a_crypto);
+ get_crypto_attrib(p, p->tsrtp, &t_a_crypto);
 ast_str_append(&m_text, 0, "m=text %d RTP/%s", ast_sockaddr_port(&tdest), t_a_crypto ? "SAVP" : "AVP");
 if (debug) { /* XXX should I use tdest below ? */
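Review bot: In get_crypto_attrib the tag-length selection has no local floor: the `ast_test_flag(srtp, SRTP_CRYPTO_TAG_32)` test picks the shorter 32-bit authentication tag even when the peer has no `encryption_taglen=32` setting. Where that flag is set lies outside this hunk (presumably in `sdp_crypto_process`, which now receives `*srtp` in the last hunk), so it is worth confirming that a remote offer alone can lower the tag length and whether an option to refuse 32-bit offers is wanted. The added comment says "key length" although `taglen` is the auth tag length; I would write `/* Pick the SRTP auth tag length: a tag flagged on srtp wins, else the peer's encryption_taglen; default 80 */`. The first branch only re-assigns the default `taglen = 80` and exists for precedence, which the comment should state. The function body continues past the end of the hunk.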
@@ -11332,7 +11343,7 @@ static enum sip_result add_sdp(struct sip_request *resp, struct sip_pvt *p, int
 /* We break with the "recommendation" and send our IP, in order that our peer doesn't have to ast_gethostbyname() us */
- get_crypto_attrib(p->srtp, &a_crypto);
+ get_crypto_attrib(p, p->srtp, &a_crypto);
 ast_str_append(&m_audio, 0, "m=audio %d RTP/%s", ast_sockaddr_port(&dest), a_crypto ? "SAVP" : "AVP");
@@ -27701,6 +27712,8 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str
 ast_set2_flag(&peer->flags[1], ast_true(v->value), SIP_PAGE2_Q850_REASON);
 } else if (!strcasecmp(v->name, "encryption")) {
 ast_set2_flag(&peer->flags[1], ast_true(v->value), SIP_PAGE2_USE_SRTP);
+ } else if (!strcasecmp(v->name, "encryption_taglen")) {
+ ast_set2_flag(&peer->flags[2], !strcasecmp(v->value, "32"), SIP_PAGE3_SRTP_TAG_32);
 } else if (!strcasecmp(v->name, "snom_aoc_enabled")) {
 ast_set2_flag(&peer->flags[2], ast_true(v->value), SIP_PAGE3_SNOM_AOC);
 }
@@ -29647,7 +29660,7 @@ static int process_crypto(struct sip_pvt *p, struct ast_rtp_instance *rtp, struc
 return FALSE;
 }
- if (sdp_crypto_process((*srtp)->crypto, a, rtp) < 0) {
+ if (sdp_crypto_process((*srtp)->crypto, a, rtp, *srtp) < 0) {
 return FALSE;
 } |
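Review bot: In the `encryption_taglen` branch of build_peer, any value other than "32" silently clears `SIP_PAGE3_SRTP_TAG_32`, so a typo or an unsupported length is accepted without notice and the peer falls back to 80-bit tags. I would keep the `ast_set2_flag` line and follow it with `if (strcasecmp(v->value, "32") && strcasecmp(v->value, "80")) { ast_log(LOG_WARNING, "Invalid encryption_taglen '%s' at line %d, using 80\n", v->value, v->lineno); }` so a misconfiguration shows up in the log. Whether the flag is copied from the peer to the dialog's `p->flags[2]`, which get_crypto_attrib reads, is not visible in this diff and should be checked. build_peer starts and ends outside the hunk.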