[asterisk-dev] [Code Review] Add ability to reload SRTP policies
Mark Michelson
reviewboard at asterisk.org
Thu Feb 16 16:50:32 CST 2012
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1741/#review5541
-----------------------------------------------------------
I'm with the idea in spirit, but API and ABI changes like these should not happen in the midst of a release series. My feelings on this are the same as I had on an issue of Terry's recently. If you can make the change by adding to the API without having to change existing functions, that would be preferred. I also feel like you should withhold from adding to the ast_srtp_res if at all possible in the release branches.
/branches/1.8/include/asterisk/rtp_engine.h
<https://reviewboard.asterisk.org/r/1741/#comment10177>
Typo on line 1841. Should be "local" instead of "remote"
- Mark
On Feb. 16, 2012, 11:39 a.m., Matt Jordan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1741/
> -----------------------------------------------------------
>
> (Updated Feb. 16, 2012, 11:39 a.m.)
>
>
> Review request for Asterisk Developers, Joshua Colp, Mark Michelson, and otherwiseguy.
>
>
> Summary
> -------
>
> Currently, when using res_srtp, once the SRTP policy has been added to the current session the policy is locked into place. Any attempt to replace an existing policy, which would be needed if the remote endpoint negotiated a new cryptographic key, is instead rejected in res_srtp. We thus need to have a mechanism to replace an existing policy associated with either a local or remote endpoint.
>
> If we needed to change the key for a local policy (which we don't do, but it's a hypothetical situation), changing the cryptographic key is easy. The old stream associated with the local SSRC is removed, and a new stream is added. The libsrtp library has straightforward calls for this.
>
> However, for the remote policy, it isn't as easy. Because our remote policy uses a wildcard type to match on any inbound SSRC value, it can't be replaced. The libsrtp library explicitly disallows changing wildcard policies (as the policies are applied to all streams matching the respective inbound/outbound direction, so replacing a wildcard policy would entail replacing all streams associated with that policy). As such, the only thing that can be done is to deallocate the old session and create a new session.
>
> This replaces one problem with another - while we can replace the old session with a new session and a new remote policy, we would effectively destroy our local policy / stream when we do that. Currently, there is not an imposed order on when the local/remote policies are added (and in fact, we add the local one before the remote one currently). Thus, when replacing an SRTP session with a new one, the order in which things are done has to be:
> 1) Destroy the old SRTP session
> 2) Create a new SRTP session and add one of the two policies
> 3) Add the other policy
> If we don't add both policies at the same time, we could end up in a situation where we set the local policy, and then set the remote policy, blowing out the previously added local policy. Good times.
>
> This patch does the following:
> 1) It combines the adding of remote/local policies onto an SRTP session. Although this changes the rtp_engine API, in effect it's minor, as the two were always added at the same time anyway by users of the API. This allows us to control the order in which things are added in res_srtp, and users of the API don't have to worry.
> 2) It adds a new virtual method to the res_srtp API, replace. This combines the destroy/create methods.
> 3) We now check for the type of stream we are adding. If we are adding a policy for a specific SSRC, we replace the existing stream. If we are adding a policy for a wildcard, we bail out if we already have a policy existing for that wildcard; otherwise we add it.
>
> This patch does some other cleanup in unprotect and unload module, including toning down the log statements and shutting down the libsrtp library on unload.
>
>
> Diffs
> -----
>
> /branches/1.8/include/asterisk/res_srtp.h 354547
> /branches/1.8/include/asterisk/rtp_engine.h 354547
> /branches/1.8/main/rtp_engine.c 354547
> /branches/1.8/res/res_srtp.c 354547
> /branches/1.8/channels/sip/sdp_crypto.c 354547
>
> Diff: https://reviewboard.asterisk.org/r/1741/diff
>
>
> Testing
> -------
>
> Made sure that the initial patch didn't break the SRTP test in the TestSuite. Made sure that the module could be loaded and unloaded.
>
> More testing is needed to make sure that the whole thing actually works.
>
>
> Thanks,
>
> Matt
>
>
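The rekeying problem described in the quoted review request (a wildcard remote policy cannot be replaced in place, and recreating the session only for the remote policy silently drops the local one) is modelled below as an added example in C. This is not Asterisk's res_srtp code and it does not call libsrtp: the `struct session`, `struct policy` and all `session_*` functions are hypothetical stand-ins that mirror the behaviour the summary attributes to libsrtp (a specific SSRC stream can be removed and re-added, a wildcard stream cannot be replaced). The two constructed keys are one-byte markers, not real SRTP master keys.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stream identity, mirroring the libsrtp notion of a specific SSRC or a
 * wildcard that matches every inbound (or outbound) SSRC. Constructed model. */
enum ssrc_type { SSRC_SPECIFIC, SSRC_ANY_INBOUND, SSRC_ANY_OUTBOUND };

struct policy {
    enum ssrc_type type;
    unsigned int ssrc;      /* only meaningful for SSRC_SPECIFIC */
    unsigned char key[30];  /* master key + salt; opaque in this model */
};

#define MAX_STREAMS 4
struct session {
    struct policy streams[MAX_STREAMS];
    int count;
};

static struct session *session_create(void) { return calloc(1, sizeof(struct session)); }
static void session_destroy(struct session *s) { free(s); }

/* Two policies address the same stream when they have the same wildcard type,
 * or are both specific and carry the same SSRC. */
static int policy_matches(const struct policy *a, const struct policy *b) {
    if (a->type != b->type) return 0;
    return a->type != SSRC_SPECIFIC || a->ssrc == b->ssrc;
}

static const struct policy *session_find(const struct session *s, enum ssrc_type type, unsigned int ssrc) {
    struct policy probe = { type, ssrc, {0} };
    for (int i = 0; i < s->count; i++)
        if (policy_matches(&s->streams[i], &probe)) return &s->streams[i];
    return NULL;
}

/* Step 3 of the summary: a specific-SSRC stream is replaced (remove + add);
 * a wildcard that already exists is refused, as libsrtp would refuse it.
 * Returns 0 on success, -1 on refusal. */
static int session_add_policy(struct session *s, const struct policy *p) {
    for (int i = 0; i < s->count; i++) {
        if (policy_matches(&s->streams[i], p)) {
            if (p->type != SSRC_SPECIFIC) return -1; /* wildcard: cannot be replaced */
            s->streams[i] = *p;                        /* specific SSRC: swap the key */
            return 0;
        }
    }
    if (s->count == MAX_STREAMS) return -1;
    s->streams[s->count++] = *p;
    return 0;
}

/* The broken sequence the summary warns about: recreate the session for the
 * new remote policy only. The local stream is lost with the old session. */
static struct session *session_rekey_remote_naive(struct session *old, const struct policy *remote) {
    struct session *s = session_create();
    if (!s || session_add_policy(s, remote)) { session_destroy(s); return NULL; }
    session_destroy(old);
    return s;
}

/* The combined "replace" the patch introduces: destroy the old session, create
 * a new one, and add both policies before handing it back, so neither can be
 * blown out by the other. */
static struct session *session_replace(struct session *old, const struct policy *local, const struct policy *remote) {
    struct session *s = session_create();
    if (!s) return NULL;
    if (session_add_policy(s, local) || session_add_policy(s, remote)) {
        session_destroy(s);
        return NULL;
    }
    session_destroy(old);
    return s;
}

int main(void) {
    struct policy local  = { SSRC_SPECIFIC, 0x1234, {0x01} };  /* constructed */
    struct policy remote = { SSRC_ANY_INBOUND, 0, {0xAA} };    /* constructed */
    struct policy remote_new = { SSRC_ANY_INBOUND, 0, {0xBB} };

    struct session *s = session_create();
    session_add_policy(s, &local);
    session_add_policy(s, &remote);
    printf("in-place wildcard rekey: %s\n", session_add_policy(s, &remote_new) ? "refused" : "ok");

    struct session *n = session_rekey_remote_naive(s, &remote_new);
    printf("naive rekey kept local stream: %s\n", session_find(n, SSRC_SPECIFIC, 0x1234) ? "yes" : "no");

    struct session *r = session_replace(n, &local, &remote_new);
    printf("combined replace kept local stream: %s\n", session_find(r, SSRC_SPECIFIC, 0x1234) ? "yes" : "no");
    session_destroy(r);
    return 0;
}
```

The model captures the ordering constraint rather than the libsrtp calls themselves: `session_rekey_remote_naive` is what happens when the remote policy is re-added on its own, and `session_replace` is the destroy/create/add-both sequence the patch moves into res_srtp so callers of the rtp_engine API cannot get it wrong.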