[asterisk-commits] dvossel: branch 1.6.1 r175662 - in /branches/1.6.1: channels/ configs/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Feb 13 14:48:48 CST 2009 

Author: dvossel
Date: Fri Feb 13 14:48:47 2009
New Revision: 175662

URL: http://svn.digium.com/svn-view/asterisk?view=rev&rev=175662
Log:
Merged revisions 175597 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

........
  r175597 | dvossel | 2009-02-13 14:11:55 -0600 (Fri, 13 Feb 2009) | 4 lines
  
  Fixed iax2 key rotation backwards compatibility
  
  Turns key rotation back on by default.  Added bit into encryption IE to indicate whether or not key rotation is supported or not. If it is not supported then it is not enabled, which insures backwards compatibility.  This eliminates the need for the keyrotate option in iax.conf, so it has been removed.  
........

Modified:
    branches/1.6.1/channels/chan_iax2.c
    branches/1.6.1/channels/iax2.h
    branches/1.6.1/configs/iax.conf.sample

Modified: branches/1.6.1/channels/chan_iax2.c
URL: http://svn.digium.com/svn-view/asterisk/branches/1.6.1/channels/chan_iax2.c?view=diff&rev=175662&r1=175661&r2=175662
==============================================================================
--- branches/1.6.1/channels/chan_iax2.c (original)
+++ branches/1.6.1/channels/chan_iax2.c Fri Feb 13 14:48:47 2009
@@ -296,7 +296,6 @@
 						     response, so that we've achieved a three-way handshake with
 						     them before sending voice or anything else*/
 	IAX_ALLOWFWDOWNLOAD = (1 << 26),	/*!< Allow the FWDOWNL command? */
-	IAX_NOKEYROTATE = (1 << 27), /*!< Disable key rotation with encryption */
 };
 
 static int global_rtautoclear = 120;
@@ -1863,7 +1862,7 @@
 			iaxs[x]->pingid = iax2_sched_add(sched, ping_time * 1000, send_ping, (void *)(long)x);
 			iaxs[x]->lagid = iax2_sched_add(sched, lagrq_time * 1000, send_lagrq, (void *)(long)x);
 			iaxs[x]->amaflags = amaflags;
-			ast_copy_flags(iaxs[x], &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+			ast_copy_flags(iaxs[x], &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
 			
 			ast_string_field_set(iaxs[x], accountcode, accountcode);
 			ast_string_field_set(iaxs[x], mohinterpret, mohinterpret);
@@ -3474,7 +3473,7 @@
 	if (peer->maxms && ((peer->lastms > peer->maxms) || (peer->lastms < 0)))
 		goto return_unref;
 
-	ast_copy_flags(cai, peer, IAX_SENDANI | IAX_TRUNK | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+	ast_copy_flags(cai, peer, IAX_SENDANI | IAX_TRUNK | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
 	cai->maxtime = peer->maxms;
 	cai->capability = peer->capability;
 	cai->encmethods = peer->encmethods;
@@ -3956,9 +3955,8 @@
 	struct iax_ie_data ied = {
 		.pos = 0,	
 	};
-
+	
 	ast_mutex_lock(&iaxsl[pvt->callno]);
-
 	pvt->keyrotateid = 
 		ast_sched_add(sched, 120000 + (ast_random() % 180001), iax2_key_rotate, vpvt);
 
@@ -4920,13 +4918,8 @@
 		pvt->keyrotateid != -1 ? "" : "no "
 	);
 #endif
-
 	if (pvt->keyrotateid == -1 && f->frametype == AST_FRAME_VOICE && IAX_CALLENCRYPTED(pvt)) {
-		if (ast_test_flag(pvt, IAX_NOKEYROTATE)) {
-			pvt->keyrotateid = -2;
-		} else {
-			iax2_key_rotate(pvt);
-		}
+		iax2_key_rotate(pvt);
 	}
 
 	if ((ast_test_flag(pvt, IAX_TRUNK) || 
@@ -6090,7 +6083,6 @@
 		ast_copy_flags(iaxs[callno], user, IAX_CODEC_USER_FIRST);
 		ast_copy_flags(iaxs[callno], user, IAX_CODEC_NOPREFS);
 		ast_copy_flags(iaxs[callno], user, IAX_CODEC_NOCAP);
-		ast_copy_flags(iaxs[callno], user, IAX_NOKEYROTATE);
 		iaxs[callno]->encmethods = user->encmethods;
 		/* Store the requested username if not specified */
 		if (ast_strlen_zero(iaxs[callno]->username))
@@ -6181,6 +6173,9 @@
 	/* Select exactly one common encryption if there are any */
 	p->encmethods &= enc;
 	if (p->encmethods) {
+		if (!(p->encmethods & IAX_ENCRYPT_KEYROTATE)){ /* if key rotation is not supported, turn off keyrotation. */
+			p->keyrotateid = -2;
+		}
 		if (p->encmethods & IAX_ENCRYPT_AES128)
 			p->encmethods = IAX_ENCRYPT_AES128;
 		else
@@ -10194,7 +10189,7 @@
 	memset(&cai, 0, sizeof(cai));
 	cai.capability = iax2_capability;
 
-	ast_copy_flags(&cai, &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+	ast_copy_flags(&cai, &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
 	
 	/* Populate our address from the given */
 	if (create_addr(pds.peer, NULL, &sin, &cai)) {
@@ -10213,7 +10208,7 @@
 	}
 
 	/* If this is a trunk, update it now */
-	ast_copy_flags(iaxs[callno], &cai, IAX_TRUNK | IAX_SENDANI | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+	ast_copy_flags(iaxs[callno], &cai, IAX_TRUNK | IAX_SENDANI | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
 	if (ast_test_flag(&cai, IAX_TRUNK)) {
 		int new_callno;
 		if ((new_callno = make_trunk(callno, 1)) != -1)
@@ -10553,9 +10548,6 @@
 
 	if (peer) {
 		if (firstpass) {
-			if (ast_test_flag(&globalflags, IAX_NOKEYROTATE)) {
-				ast_copy_flags(peer, &globalflags, IAX_NOKEYROTATE);
-			}
 			ast_copy_flags(peer, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
 			peer->encmethods = iax2_encryption;
 			peer->adsi = adsi;
@@ -10605,12 +10597,7 @@
 			} else if (!strcasecmp(v->name, "auth")) {
 				peer->authmethods = get_auth_methods(v->value);
 			} else if (!strcasecmp(v->name, "encryption")) {
-				peer->encmethods = get_encrypt_methods(v->value);
-			} else if (!strcasecmp(v->name, "keyrotate")) {
-				if (ast_false(v->value))
-					ast_set_flag(peer, IAX_NOKEYROTATE);
-				else
-					ast_clear_flag(peer, IAX_NOKEYROTATE);
+				peer->encmethods |= get_encrypt_methods(v->value);
 			} else if (!strcasecmp(v->name, "transfer")) {
 				if (!strcasecmp(v->value, "mediaonly")) {
 					ast_set_flags_to(peer, IAX_NOTRANSFER|IAX_TRANSFERMEDIA, IAX_TRANSFERMEDIA);	
@@ -10820,7 +10807,7 @@
 			user->adsi = adsi;
 			ast_string_field_set(user, name, name);
 			ast_string_field_set(user, language, language);
-			ast_copy_flags(user, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_CODEC_USER_FIRST | IAX_CODEC_NOPREFS | IAX_CODEC_NOCAP | IAX_NOKEYROTATE);	
+			ast_copy_flags(user, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_CODEC_USER_FIRST | IAX_CODEC_NOPREFS | IAX_CODEC_NOCAP);	
 			ast_clear_flag(user, IAX_HASCALLERID);
 			ast_string_field_set(user, cid_name, "");
 			ast_string_field_set(user, cid_num, "");
@@ -10865,12 +10852,7 @@
 			} else if (!strcasecmp(v->name, "auth")) {
 				user->authmethods = get_auth_methods(v->value);
 			} else if (!strcasecmp(v->name, "encryption")) {
-				user->encmethods = get_encrypt_methods(v->value);
-			} else if (!strcasecmp(v->name, "keyrotate")) {
-				if (ast_false(v->value))
-					ast_set_flag(user, IAX_NOKEYROTATE);
-				else
-					ast_clear_flag(user, IAX_NOKEYROTATE);
+				user->encmethods |= get_encrypt_methods(v->value);
 			} else if (!strcasecmp(v->name, "transfer")) {
 				if (!strcasecmp(v->value, "mediaonly")) {
 					ast_set_flags_to(user, IAX_NOTRANSFER|IAX_TRANSFERMEDIA, IAX_TRANSFERMEDIA);	
@@ -11122,7 +11104,9 @@
 	/* Reset Global Flags */
 	memset(&globalflags, 0, sizeof(globalflags));
 	ast_set_flag(&globalflags, IAX_RTUPDATE);
-	ast_set_flag(&globalflags, IAX_NOKEYROTATE); /* turn off key rotate by default since it breaks backwards compatibility at the moment. */
+	
+	/* Turns on support for key rotation during encryption. */
+	iax2_encryption |= IAX_ENCRYPT_KEYROTATE;
 #ifdef SO_NO_CHECK
 	nochecksums = 0;
 #endif
@@ -11231,13 +11215,8 @@
 		} else if (!strcasecmp(v->name, "authdebug"))
 			authdebug = ast_true(v->value);
 		else if (!strcasecmp(v->name, "encryption"))
-			iax2_encryption = get_encrypt_methods(v->value);
-		else if (!strcasecmp(v->name, "keyrotate")) {
-			if (ast_false(v->value))
-				ast_set_flag((&globalflags), IAX_NOKEYROTATE);
-			else
-				ast_clear_flag((&globalflags), IAX_NOKEYROTATE);
-		} else if (!strcasecmp(v->name, "transfer")) {
+			iax2_encryption |= get_encrypt_methods(v->value);
+		else if (!strcasecmp(v->name, "transfer")) {
 			if (!strcasecmp(v->value, "mediaonly")) {
 				ast_set_flags_to((&globalflags), IAX_NOTRANSFER|IAX_TRANSFERMEDIA, IAX_TRANSFERMEDIA);	
 			} else if (ast_true(v->value)) {

Modified: branches/1.6.1/channels/iax2.h
URL: http://svn.digium.com/svn-view/asterisk/branches/1.6.1/channels/iax2.h?view=diff&rev=175662&r1=175661&r2=175662
==============================================================================
--- branches/1.6.1/channels/iax2.h (original)
+++ branches/1.6.1/channels/iax2.h Fri Feb 13 14:48:47 2009
@@ -187,6 +187,7 @@
 #define IAX_AUTH_RSA				(1 << 2)
 
 #define IAX_ENCRYPT_AES128			(1 << 0)
+#define IAX_ENCRYPT_KEYROTATE			(1 << 15)       /*!< Keyrotation support */
 
 #define IAX_META_TRUNK				1		/*!< Trunk meta-message */
 #define IAX_META_VIDEO				2		/*!< Video frame */

Modified: branches/1.6.1/configs/iax.conf.sample
URL: http://svn.digium.com/svn-view/asterisk/branches/1.6.1/configs/iax.conf.sample?view=diff&rev=175662&r1=175661&r2=175662
==============================================================================
--- branches/1.6.1/configs/iax.conf.sample (original)
+++ branches/1.6.1/configs/iax.conf.sample Fri Feb 13 14:48:47 2009
@@ -176,11 +176,6 @@
 ;
 ; encryption = yes
 ;
-; This is a compatibility option for older versions of IAX2 that do not support
-; key rotation with encryption.  This option will disable the IAX_COMMAND_RTENC message.
-; default is on
-;
-; keyrotate=off
 
 ; This option defines the maximum size an IAX2 trunk can grow to. The default value is 128000 bytes which
 ; represents 40ms uncompressed linear with 200 channels. Depending on different things though

More information about the asterisk-commits mailing list