diff options
Diffstat (limited to 'res')
-rw-r--r-- | res/res_pjsip_sdp_rtp.c | 26 | ||||
-rw-r--r-- | res/res_srtp.c | 65 |
2 files changed, 63 insertions, 28 deletions
diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c index 048209ce1..6610ef126 100644 --- a/res/res_pjsip_sdp_rtp.c +++ b/res/res_pjsip_sdp_rtp.c @@ -51,6 +51,7 @@ ASTERISK_REGISTER_FILE() #include "asterisk/acl.h" #include "asterisk/sdp_srtp.h" #include "asterisk/dsp.h" +#include "asterisk/linkedlists.h" /* for AST_LIST_NEXT */ #include "asterisk/res_pjsip.h" #include "asterisk/res_pjsip_session.h" @@ -938,6 +939,7 @@ static int add_crypto_to_stream(struct ast_sip_session *session, enum ast_rtp_dtls_hash hash; const char *crypto_attribute; struct ast_rtp_engine_dtls *dtls; + struct ast_sdp_srtp *tmp; static const pj_str_t STR_NEW = { "new", 3 }; static const pj_str_t STR_EXISTING = { "existing", 8 }; static const pj_str_t STR_ACTIVE = { "active", 6 }; @@ -957,16 +959,22 @@ static int add_crypto_to_stream(struct ast_sip_session *session, } } - crypto_attribute = ast_sdp_srtp_get_attrib(session_media->srtp, - 0 /* DTLS running? No */, - session->endpoint->media.rtp.srtp_tag_32 /* 32 byte tag length? */); - if (!crypto_attribute) { - /* No crypto attribute to add, bad news */ - return -1; - } + tmp = session_media->srtp; + + do { + crypto_attribute = ast_sdp_srtp_get_attrib(tmp, + 0 /* DTLS running? No */, + session->endpoint->media.rtp.srtp_tag_32 /* 32 byte tag length? */); + if (!crypto_attribute) { + /* No crypto attribute to add, bad news */ + return -1; + } + + attr = pjmedia_sdp_attr_create(pool, "crypto", + pj_cstr(&stmp, crypto_attribute)); + media->attr[media->attr_count++] = attr; + } while ((tmp = AST_LIST_NEXT(tmp, sdp_srtp_list))); - attr = pjmedia_sdp_attr_create(pool, "crypto", pj_cstr(&stmp, crypto_attribute)); - media->attr[media->attr_count++] = attr; break; case AST_SIP_MEDIA_ENCRYPT_DTLS: if (setup_dtls_srtp(session, session_media)) { diff --git a/res/res_srtp.c b/res/res_srtp.c index 0b1fb73e7..59fda76dd 100644 --- a/res/res_srtp.c +++ b/res/res_srtp.c @@ -35,7 +35,7 @@ /* See https://wiki.asterisk.org/wiki/display/AST/Secure+Calling */ -#include "asterisk.h" +#include "asterisk.h" /* for NULL, size_t, memcpy, etc */ ASTERISK_REGISTER_FILE() @@ -46,12 +46,13 @@ ASTERISK_REGISTER_FILE() #include <srtp/crypto_kernel.h> #endif -#include "asterisk/lock.h" -#include "asterisk/sched.h" -#include "asterisk/module.h" -#include "asterisk/options.h" -#include "asterisk/rtp_engine.h" -#include "asterisk/astobj2.h" +#include "asterisk/astobj2.h" /* for ao2_t_ref, etc */ +#include "asterisk/frame.h" /* for AST_FRIENDLY_OFFSET */ +#include "asterisk/logger.h" /* for ast_log, ast_debug, etc */ +#include "asterisk/module.h" /* for ast_module_info, etc */ +#include "asterisk/res_srtp.h" /* for ast_srtp_cb, ast_srtp_suite, etc */ +#include "asterisk/rtp_engine.h" /* for ast_rtp_engine_register_srtp, etc */ +#include "asterisk/utils.h" /* for ast_free, ast_calloc */ struct ast_srtp { struct ast_rtp_instance *rtp; @@ -257,23 +258,49 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite) { switch (suite) { case AST_AES_CM_128_HMAC_SHA1_80: - p->cipher_type = AES_128_ICM; - p->cipher_key_len = 30; - p->auth_type = HMAC_SHA1; - p->auth_key_len = 20; - p->auth_tag_len = 10; - p->sec_serv = sec_serv_conf_and_auth; + crypto_policy_set_aes_cm_128_hmac_sha1_80(p); return 0; case AST_AES_CM_128_HMAC_SHA1_32: - p->cipher_type = AES_128_ICM; - p->cipher_key_len = 30; - p->auth_type = HMAC_SHA1; - p->auth_key_len = 20; - p->auth_tag_len = 4; - p->sec_serv = sec_serv_conf_and_auth; + crypto_policy_set_aes_cm_128_hmac_sha1_32(p); return 0; +#ifdef HAVE_SRTP_192 + case AST_AES_CM_192_HMAC_SHA1_80: + crypto_policy_set_aes_cm_192_hmac_sha1_80(p); + return 0; + + case AST_AES_CM_192_HMAC_SHA1_32: + crypto_policy_set_aes_cm_192_hmac_sha1_32(p); + return 0; +#endif +#ifdef HAVE_SRTP_256 + case AST_AES_CM_256_HMAC_SHA1_80: + crypto_policy_set_aes_cm_256_hmac_sha1_80(p); + return 0; + + case AST_AES_CM_256_HMAC_SHA1_32: + crypto_policy_set_aes_cm_256_hmac_sha1_32(p); + return 0; +#endif +#ifdef HAVE_SRTP_GCM + case AST_AES_GCM_128: + crypto_policy_set_aes_gcm_128_16_auth(p); + return 0; + + case AST_AES_GCM_256: + crypto_policy_set_aes_gcm_256_16_auth(p); + return 0; + + case AST_AES_GCM_128_8: + crypto_policy_set_aes_gcm_128_8_auth(p); + return 0; + + case AST_AES_GCM_256_8: + crypto_policy_set_aes_gcm_256_8_auth(p); + return 0; +#endif + default: ast_log(LOG_ERROR, "Invalid crypto suite: %u\n", suite); return -1; |