[svn-commits] irroot: branch irroot/distrotech-customers-10 r333482 - in /team/irroot/distr...

SVN commits to the Digium repositories svn-commits at lists.digium.com
Sat Aug 27 03:10:14 CDT 2011


Author: irroot
Date: Sat Aug 27 03:10:11 2011
New Revision: 333482

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=333482
Log:
Allow Setting Auth Tag Bit length Based on invite or config option [BUG] RB1173

Modified:
    team/irroot/distrotech-customers-10/CHANGES
    team/irroot/distrotech-customers-10/channels/chan_sip.c
    team/irroot/distrotech-customers-10/channels/sip/include/sdp_crypto.h
    team/irroot/distrotech-customers-10/channels/sip/include/sip.h
    team/irroot/distrotech-customers-10/channels/sip/include/srtp.h
    team/irroot/distrotech-customers-10/channels/sip/sdp_crypto.c
    team/irroot/distrotech-customers-10/configs/sip.conf.sample

Modified: team/irroot/distrotech-customers-10/CHANGES
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-10/CHANGES?view=diff&rev=333482&r1=333481&r2=333482
==============================================================================
--- team/irroot/distrotech-customers-10/CHANGES (original)
+++ team/irroot/distrotech-customers-10/CHANGES Sat Aug 27 03:10:11 2011
@@ -179,6 +179,7 @@
 SIP Changes
 -----------
  * Add T38 support for REJECTED state where T.38 Negotiation is explicitly rejected.
+ * Add option encryption_taglen to set auth taglen only 32 and 80 are supported currently.
 
 Queue changes
 -------------

Modified: team/irroot/distrotech-customers-10/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-10/channels/chan_sip.c?view=diff&rev=333482&r1=333481&r2=333482
==============================================================================
--- team/irroot/distrotech-customers-10/channels/chan_sip.c (original)
+++ team/irroot/distrotech-customers-10/channels/chan_sip.c Sat Aug 27 03:10:11 2011
@@ -11096,14 +11096,25 @@
 	}
 }
 
-static void get_crypto_attrib(struct sip_srtp *srtp, const char **a_crypto)
-{
+static void get_crypto_attrib(struct sip_pvt *p, struct sip_srtp *srtp, const char **a_crypto)
+{
+	int taglen = 80;
+
 	/* Set encryption properties */
 	if (srtp) {
 		if (!srtp->crypto) {
 			srtp->crypto = sdp_crypto_setup();
 		}
-		if (srtp->crypto && (sdp_crypto_offer(srtp->crypto) >= 0)) {
+
+		/* set the key length based on INVITE or settings */
+		if (ast_test_flag(srtp, SRTP_CRYPTO_TAG_80)) {
+			taglen = 80;
+		} else if (ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TAG_32) ||
+		    ast_test_flag(srtp, SRTP_CRYPTO_TAG_32)) {
+			taglen = 32;
+		}
+
+		if (srtp->crypto && (sdp_crypto_offer(srtp->crypto, taglen) >= 0)) {
 			*a_crypto = sdp_crypto_attrib(srtp->crypto);
 		}
 
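Review bot: The new comment says "set the key length", but the value chosen in this `if`/`else if` is the SRTP authentication tag length; nothing here touches the key size. The precedence is also worth documenting: a suite flag recorded from the remote SDP (`SRTP_CRYPTO_TAG_80` / `SRTP_CRYPTO_TAG_32`) is consulted alongside the peer's `encryption_taglen`. As far as this hunk shows, a peer left at the default of 80 will still emit a 32-bit tag when the remote side asked for `_32`, so the option cannot be used as a minimum. Suggested comment: `/* pick the auth tag length: suite seen in the remote SDP first, then the peer's encryption_taglen, default 80 */`. The body of get_crypto_attrib() continues past the end of the hunk.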
@@ -11271,7 +11282,7 @@
 		/* Ok, we need video. Let's add what we need for video and set codecs.
 		   Video is handled differently than audio since we can not transcode. */
 		if (needvideo) {
-			get_crypto_attrib(p->vsrtp, &v_a_crypto);
+			get_crypto_attrib(p, p->vsrtp, &v_a_crypto);
 			ast_str_append(&m_video, 0, "m=video %d RTP/%s", ast_sockaddr_port(&vdest),
 				v_a_crypto ? "SAVP" : "AVP");
 
@@ -11288,7 +11299,7 @@
 		if (needtext) {
 			if (sipdebug_text)
 				ast_verbose("Lets set up the text sdp\n");
-			get_crypto_attrib(p->tsrtp, &t_a_crypto);
+			get_crypto_attrib(p, p->tsrtp, &t_a_crypto);
 			ast_str_append(&m_text, 0, "m=text %d RTP/%s", ast_sockaddr_port(&tdest),
 				t_a_crypto ? "SAVP" : "AVP");
 			if (debug) {  /* XXX should I use tdest below ? */
@@ -11301,7 +11312,7 @@
 		/* We break with the "recommendation" and send our IP, in order that our
 		   peer doesn't have to ast_gethostbyname() us */
 
-		get_crypto_attrib(p->srtp, &a_crypto);
+		get_crypto_attrib(p, p->srtp, &a_crypto);
 		ast_str_append(&m_audio, 0, "m=audio %d RTP/%s", ast_sockaddr_port(&dest),
 			a_crypto ? "SAVP" : "AVP");
 
@@ -27583,6 +27594,8 @@
 				ast_set2_flag(&peer->flags[1], ast_true(v->value), SIP_PAGE2_Q850_REASON);
 			} else if (!strcasecmp(v->name, "encryption")) {
 				ast_set2_flag(&peer->flags[1], ast_true(v->value), SIP_PAGE2_USE_SRTP);
+			} else if (!strcasecmp(v->name, "encryption_taglen")) {
+				ast_set2_flag(&peer->flags[2], !strcasecmp(v->value, "32"), SIP_PAGE3_SRTP_TAG_32);
 			} else if (!strcasecmp(v->name, "snom_aoc_enabled")) {
 				ast_set2_flag(&peer->flags[2], ast_true(v->value), SIP_PAGE3_SNOM_AOC);
 			}
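Review bot: Any value other than the literal "32" is silently treated as 80 by `!strcasecmp(v->value, "32")`, so a typo or an unsupported length in sip.conf goes unreported. Since CHANGES states that only 32 and 80 are supported, the parser should accept exactly those two and log a warning for anything else while keeping the 80-bit default. The `else if` chain this branch belongs to starts and ends outside the hunk.

```c
			} else if (!strcasecmp(v->name, "encryption_taglen")) {
				if (!strcmp(v->value, "32") || !strcmp(v->value, "80")) {
					ast_set2_flag(&peer->flags[2], !strcmp(v->value, "32"), SIP_PAGE3_SRTP_TAG_32);
				} else {
					ast_log(LOG_WARNING, "encryption_taglen must be 32 or 80, not '%s' (line %d); using 80\n", v->value, v->lineno);
					ast_clear_flag(&peer->flags[2], SIP_PAGE3_SRTP_TAG_32);
				}
			/* … unchanged: snom_aoc_enabled branch … */
```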
@@ -29520,7 +29533,7 @@
 		return FALSE;
 	}
 
-	if (sdp_crypto_process((*srtp)->crypto, a, rtp) < 0) {
+	if (sdp_crypto_process((*srtp)->crypto, a, rtp, *srtp) < 0) {
 		return FALSE;
 	}
 

Modified: team/irroot/distrotech-customers-10/channels/sip/include/sdp_crypto.h
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-10/channels/sip/include/sdp_crypto.h?view=diff&rev=333482&r1=333481&r2=333482
==============================================================================
--- team/irroot/distrotech-customers-10/channels/sip/include/sdp_crypto.h (original)
+++ team/irroot/distrotech-customers-10/channels/sip/include/sdp_crypto.h Sat Aug 27 03:10:11 2011
@@ -31,6 +31,7 @@
 #include <asterisk/rtp_engine.h>
 
 struct sdp_crypto;
+struct sip_srtp;
 
 /*! \brief Initialize an return an sdp_crypto struct
  *
@@ -51,11 +52,12 @@
  * \param p A valid sdp_crypto struct
  * \param attr the a:crypto line from SDP
  * \param rtp The rtp instance associated with the SDP being parsed
+ * \param srtp SRTP structure
  *
  * \retval 0 success
  * \retval nonzero failure
  */
-int sdp_crypto_process(struct sdp_crypto *p, const char *attr, struct ast_rtp_instance *rtp);
+int sdp_crypto_process(struct sdp_crypto *p, const char *attr, struct ast_rtp_instance *rtp, struct sip_srtp *srtp);
 
 
 /*! \brief Generate an SRTP a=crypto offer
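Review bot: `\param srtp SRTP structure` does not tell a caller what the function does with the argument. In the sdp_crypto.c part of this commit, sdp_crypto_process() sets `SRTP_CRYPTO_TAG_80` or `SRTP_CRYPTO_TAG_32` on it, and the visible lines show no NULL check before that write. Something like `\param srtp sip_srtp on which the auth tag length of the accepted suite is recorded (SRTP_CRYPTO_TAG_32/_80); must not be NULL` would cover it. The sdp_crypto_offer() hunk that follows has the same gap: the new `taglen` argument gets no `\param` line, for which `\param taglen Auth tag length in bits for the offered suite, 32 or 80` would do.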
@@ -68,7 +70,7 @@
  * \retval 0 success
  * \retval nonzero failure
  */
-int sdp_crypto_offer(struct sdp_crypto *p);
+int sdp_crypto_offer(struct sdp_crypto *p, int taglen);
 
 
 /*! \brief Return the a_crypto value of the sdp_crypto struct

Modified: team/irroot/distrotech-customers-10/channels/sip/include/sip.h
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-10/channels/sip/include/sip.h?view=diff&rev=333482&r1=333481&r2=333482
==============================================================================
--- team/irroot/distrotech-customers-10/channels/sip/include/sip.h (original)
+++ team/irroot/distrotech-customers-10/channels/sip/include/sip.h Sat Aug 27 03:10:11 2011
@@ -353,9 +353,10 @@
 
 
 #define SIP_PAGE3_SNOM_AOC               (1 << 0)  /*!< DPG: Allow snom aoc messages */
+#define SIP_PAGE3_SRTP_TAG_32            (1 << 1)  /*!< DP: Use a 32bit auth tag in INVITE not 80bit */
 
 #define SIP_PAGE3_FLAGS_TO_COPY \
-	(SIP_PAGE3_SNOM_AOC)
+	(SIP_PAGE3_SNOM_AOC | SIP_PAGE3_SRTP_TAG_32)
 
 /*@}*/
 

Modified: team/irroot/distrotech-customers-10/channels/sip/include/srtp.h
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-10/channels/sip/include/srtp.h?view=diff&rev=333482&r1=333481&r2=333482
==============================================================================
--- team/irroot/distrotech-customers-10/channels/sip/include/srtp.h (original)
+++ team/irroot/distrotech-customers-10/channels/sip/include/srtp.h Sat Aug 27 03:10:11 2011
@@ -34,6 +34,8 @@
 #define SRTP_ENCR_OPTIONAL	(1 << 1)	/* SRTP encryption optional */
 #define SRTP_CRYPTO_ENABLE	(1 << 2)
 #define SRTP_CRYPTO_OFFER_OK	(1 << 3)
+#define SRTP_CRYPTO_TAG_32	(1 << 4)
+#define SRTP_CRYPTO_TAG_80	(1 << 5)
 
 /*! \brief structure for secure RTP audio */
 struct sip_srtp {

Modified: team/irroot/distrotech-customers-10/channels/sip/sdp_crypto.c
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-10/channels/sip/sdp_crypto.c?view=diff&rev=333482&r1=333481&r2=333482
==============================================================================
--- team/irroot/distrotech-customers-10/channels/sip/sdp_crypto.c (original)
+++ team/irroot/distrotech-customers-10/channels/sip/sdp_crypto.c Sat Aug 27 03:10:11 2011
@@ -32,6 +32,7 @@
 #include "asterisk/options.h"
 #include "asterisk/utils.h"
 #include "include/sdp_crypto.h"
+#include "include/srtp.h"
 
 #define SRTP_MASTER_LEN 30
 #define SRTP_MASTERKEY_LEN 16
@@ -188,7 +189,7 @@
 	return res;
 }
 
-int sdp_crypto_process(struct sdp_crypto *p, const char *attr, struct ast_rtp_instance *rtp)
+int sdp_crypto_process(struct sdp_crypto *p, const char *attr, struct ast_rtp_instance *rtp, struct sip_srtp *srtp)
 {
 	char *str = NULL;
 	char *tag = NULL;
@@ -228,8 +229,10 @@
 
 	if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80")) {
 		suite_val = AST_AES_CM_128_HMAC_SHA1_80;
+		ast_set_flag(srtp, SRTP_CRYPTO_TAG_80);
 	} else if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_32")) {
 		suite_val = AST_AES_CM_128_HMAC_SHA1_32;
+		ast_set_flag(srtp, SRTP_CRYPTO_TAG_32);
 	} else {
 		ast_log(LOG_WARNING, "Unsupported crypto suite: %s\n", suite);
 		return -1;
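Review bot: The two `ast_set_flag()` calls only ever add a bit, so if the same `sip_srtp` sees an `AES_CM_128_HMAC_SHA1_80` attribute and later an `AES_CM_128_HMAC_SHA1_32` one (a re-INVITE, for instance), both `SRTP_CRYPTO_TAG_80` and `SRTP_CRYPTO_TAG_32` stay set. get_crypto_attrib() in chan_sip.c tests the 80 bit first, so the generated `a=crypto` line would then name a different suite from the one just accepted. Clearing the opposite bit in each branch keeps the two exclusive, e.g. `ast_clear_flag(srtp, SRTP_CRYPTO_TAG_32); ast_set_flag(srtp, SRTP_CRYPTO_TAG_80);` and the mirror image in the `_32` branch. The flag is also written before the rest of the attribute is parsed, which happens outside this hunk, so it should be checked whether a later failure return can leave a stale bit behind. sdp_crypto_process() starts and ends outside the hunk.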
@@ -283,16 +286,16 @@
 	return 0;
 }
 
-int sdp_crypto_offer(struct sdp_crypto *p)
+int sdp_crypto_offer(struct sdp_crypto *p, int taglen)
 {
 	char crypto_buf[128];
-	const char *crypto_suite = "AES_CM_128_HMAC_SHA1_80"; /* Crypto offer */
 
 	if (p->a_crypto) {
 		ast_free(p->a_crypto);
 	}
 
-	if (snprintf(crypto_buf, sizeof(crypto_buf), "a=crypto:1 %s inline:%s\r\n",  crypto_suite, p->local_key64) < 1) {
+	if (snprintf(crypto_buf, sizeof(crypto_buf), "a=crypto:1 AES_CM_128_HMAC_SHA1_%i inline:%s\r\n",
+			taglen, p->local_key64) < 1) {
 		return -1;
 	}
 
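Review bot: `taglen` is formatted straight into the suite name with `%i`, so any caller value other than 32 or 80 yields an `a=crypto` line naming a suite that sdp_crypto_process() itself rejects as unsupported. A guard at the top of the function, placed before `p->a_crypto` is freed, would make the contract explicit: `if (taglen != 32 && taglen != 80) { return -1; }`. Separately, the `< 1` test on the `snprintf()` result catches only an output error, not truncation; also comparing the result against `sizeof(crypto_buf)` would cover both. The function continues past the end of the hunk.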

Modified: team/irroot/distrotech-customers-10/configs/sip.conf.sample
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-10/configs/sip.conf.sample?view=diff&rev=333482&r1=333481&r2=333482
==============================================================================
--- team/irroot/distrotech-customers-10/configs/sip.conf.sample (original)
+++ team/irroot/distrotech-customers-10/configs/sip.conf.sample Sat Aug 27 03:10:11 2011
@@ -901,6 +901,7 @@
 ;encryption=no                  ; Whether to offer SRTP encrypted media (and only SRTP encrypted media)
                                 ; on outgoing calls to a peer. Calls will fail with HANGUPCAUSE=58 if
                                 ; the peer does not support SRTP. Defaults to no.
+;encryption_taglen=80              ; Set the auth tag length offered in the INVITE either 32/80 default 80
 
 ;----------------------------------------- REALTIME SUPPORT ------------------------
 ; For additional information on ARA, the Asterisk Realtime Architecture,



