[Asterisk-code-review] chan_pjsip: Add secure bridge signaling and media. (asterisk[master])

N A asteriskteam at digium.com
Sat Mar 5 09:15:51 CST 2022


N A has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/18186 )


Change subject: chan_pjsip: Add secure bridge signaling and media.
......................................................................

chan_pjsip: Add secure bridge signaling and media.

Adds support to PJSIP for the channel tech-agnostic
secure_bridge_signaling and secure_bridge_media options.

These options can both be read or set as with chan_sip
and other supporting channel drivers.

ASTERISK-26329

Change-Id: I089ec68601c80daf293193c8f4933fd87d7b2a17
---
M channels/chan_pjsip.c
1 file changed, 84 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/86/18186/1

diff --git a/channels/chan_pjsip.c b/channels/chan_pjsip.c
index e8fbb3d..ccbfa6d 100644
--- a/channels/chan_pjsip.c
+++ b/channels/chan_pjsip.c
@@ -102,6 +102,7 @@
 static int chan_pjsip_transfer(struct ast_channel *ast, const char *target);
 static int chan_pjsip_fixup(struct ast_channel *oldchan, struct ast_channel *newchan);
 static int chan_pjsip_devicestate(const char *data);
+static int chan_pjsip_setoption(struct ast_channel *ast, int option, void *data, int datalen);
 static int chan_pjsip_queryoption(struct ast_channel *ast, int option, void *data, int *datalen);
 static const char *chan_pjsip_get_uniqueid(struct ast_channel *ast);
 
@@ -126,6 +127,7 @@
 	.transfer = chan_pjsip_transfer,
 	.fixup = chan_pjsip_fixup,
 	.devicestate = chan_pjsip_devicestate,
+	.setoption = chan_pjsip_setoption,
 	.queryoption = chan_pjsip_queryoption,
 	.func_channel_read = pjsip_acf_channel_read,
 	.get_pvt_uniqueid = chan_pjsip_get_uniqueid,
@@ -1234,12 +1236,66 @@
 	return state;
 }
 
+/*! \brief Function called to set options on a channel */
+static int chan_pjsip_setoption(struct ast_channel *ast, int option, void *data, int datalen)
+{
+	struct ast_sip_channel_pvt *channel = ast_channel_tech_pvt(ast);
+	int res = -1;
+#ifdef HAVE_PJSIP_GET_DEST_INFO
+	pjsip_dialog *dlg;
+	pjsip_host_info dest;
+	pj_pool_t *pool;
+#endif
+
+	if (!channel) {
+		return -1;
+	}
+
+	switch (option) {
+	case AST_OPTION_SECURE_SIGNALING:
+#ifdef HAVE_PJSIP_GET_DEST_INFO
+		dlg = channel->session->inv_session->dlg;
+		pool = pjsip_endpt_create_pool(ast_sip_get_pjsip_endpoint(), "secure-check", 128, 128);
+		pjsip_get_dest_info(dlg->target, NULL, pool, &dest);
+		if ((*(unsigned int *) data) == 0) {
+			dest.flag &= ~PJSIP_TRANSPORT_SECURE;
+		} else if ((*(unsigned int *) data) == 1) {
+			dest.flag |= PJSIP_TRANSPORT_SECURE;
+		}
+		pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool);
+		res = 0;
+#else
+		ast_log(LOG_WARNING, "Asterisk has been built against a version of pjproject which does not have the required functionality to support secure_bridge_signaling. Please upgrade to version 2.3 or later.\n");
+#endif
+		break;
+	case AST_OPTION_SECURE_MEDIA:
+		if ((*(unsigned int *) data) == 0) {
+			channel->session->endpoint->media.rtp.encryption = AST_SIP_MEDIA_ENCRYPT_NONE;
+		} else if ((*(unsigned int *) data) == 1 && channel->session->endpoint->media.rtp.encryption != AST_SIP_MEDIA_ENCRYPT_DTLS) {
+			/* If we're not already configured to do DTLS, add SDES encryption. Otherwise, leave as is. */
+			channel->session->endpoint->media.rtp.encryption = AST_SIP_MEDIA_ENCRYPT_SDES;
+		}
+		res = 0;
+		break;
+	default:
+		break;
+	}
+
+	return res;
+}
+
 /*! \brief Function called to query options on a channel */
 static int chan_pjsip_queryoption(struct ast_channel *ast, int option, void *data, int *datalen)
 {
 	struct ast_sip_channel_pvt *channel = ast_channel_tech_pvt(ast);
 	int res = -1;
 	enum ast_t38_state state = T38_STATE_UNAVAILABLE;
+	struct ast_sip_session_media *media;
+#ifdef HAVE_PJSIP_GET_DEST_INFO
+	pjsip_dialog *dlg;
+	pjsip_host_info dest;
+	pj_pool_t *pool;
+#endif
 
 	if (!channel) {
 		return -1;
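Review bot: In the `AST_OPTION_SECURE_SIGNALING` case of `chan_pjsip_setoption`, the flag is set or cleared on `dest`, a stack-local `pjsip_host_info` filled in by `pjsip_get_dest_info()`, and nothing is written back to the dialog before the pool is released, yet `res = 0` reports success; a caller asking for secure signaling is told it was applied while the transport is unchanged. Either fail the request when it cannot be honoured, e.g. `res = (*(unsigned int *) data == 1 && !(dest.flag & PJSIP_TRANSPORT_SECURE)) ? -1 : 0;`, or document that the option is advisory here. The `AST_OPTION_SECURE_MEDIA` case writes `channel->session->endpoint->media.rtp.encryption`, which looks like endpoint configuration rather than per-session state, so a value of 0 would presumably switch an endpoint configured for SDES or DTLS to `AST_SIP_MEDIA_ENCRYPT_NONE` for later sessions as well; that should be confirmed and the change kept on the session if so. Both cases also dereference `data` without looking at `datalen`; a guard such as `if (!data || datalen < (int) sizeof(unsigned int)) { return -1; }` before the `switch` would cover it. The tail of this hunk only adds declarations to `chan_pjsip_queryoption`, whose body continues outside it.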
@@ -1269,6 +1325,34 @@
 		res = 0;
 
 		break;
+	case AST_OPTION_SECURE_SIGNALING:
+#ifdef HAVE_PJSIP_GET_DEST_INFO
+		dlg = channel->session->inv_session->dlg;
+		pool = pjsip_endpt_create_pool(ast_sip_get_pjsip_endpoint(), "secure-check", 128, 128);
+		pjsip_get_dest_info(dlg->target, NULL, pool, &dest);
+		*((unsigned int *) data) = dest.flag & PJSIP_TRANSPORT_SECURE ? 1 : 0;
+		pjsip_endpt_release_pool(ast_sip_get_pjsip_endpoint(), pool);
+#else
+		ast_log(LOG_WARNING, "Asterisk has been built against a version of pjproject which does not have the required functionality to support secure_bridge_signaling. Please upgrade to version 2.3 or later.\n");
+#endif
+		break;
+	case AST_OPTION_SECURE_MEDIA:
+		switch (channel->session->endpoint->media.rtp.encryption) {
+		case AST_SIP_MEDIA_ENCRYPT_SDES:
+		case AST_SIP_MEDIA_ENCRYPT_DTLS:
+			media = channel->session->active_media_state->default_session[AST_MEDIA_TYPE_AUDIO];
+			*((unsigned int *) data) = ast_test_flag(media->srtp, AST_SRTP_CRYPTO_OFFER_OK) ? 1 : 0;
+			res = 0;
+			break;
+		case AST_SIP_MEDIA_ENCRYPT_NONE:
+			*((unsigned int *) data) = 0;
+			res = 0;
+			break;
+		default: /* includes AST_SIP_MEDIA_TRANSPORT_INVALID */
+			*((unsigned int *) data) = 0;
+			break;
+		}
+		break;
 	default:
 		break;
 	}
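Review bot: The new `AST_OPTION_SECURE_SIGNALING` case in `chan_pjsip_queryoption` writes its answer into `data` but never sets `res`, so (with `res` initialised to -1 earlier in the function, outside this hunk) the query reports failure even when the check ran; add `res = 0;` after the `pjsip_endpt_release_pool(...)` call. In the `AST_OPTION_SECURE_MEDIA` case, `active_media_state`, the audio entry of `default_session` and `media->srtp` are all dereferenced unchecked, which would presumably crash on a session with no audio stream or before SRTP is set up; `*((unsigned int *) data) = (media && media->srtp && ast_test_flag(media->srtp, AST_SRTP_CRYPTO_OFFER_OK)) ? 1 : 0;` is the safer form. Only the audio stream is consulted, so a call with an unencrypted video stream would still be reported as secure media; a comment stating that limitation, or a loop over the active streams, would make the result trustworthy.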

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/18186

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: I089ec68601c80daf293193c8f4933fd87d7b2a17
Gerrit-Change-Number: 18186
Gerrit-PatchSet: 1
Gerrit-Owner: N A <mail at interlinked.x10host.com>
Gerrit-MessageType: newchange