[svn-commits] irroot: branch irroot/distrotech-customers-1.8 r320161 - in /team/irroot/dist...
    SVN commits to the Digium repositories 
    svn-commits at lists.digium.com
       
    Fri May 20 12:41:45 CDT 2011
    
    
  
Author: irroot
Date: Fri May 20 12:41:41 2011
New Revision: 320161
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=320161
Log:
Asterisk Version
Modified:
    team/irroot/distrotech-customers-1.8/channels/chan_sip.c
    team/irroot/distrotech-customers-1.8/channels/sip/include/sdp_crypto.h
    team/irroot/distrotech-customers-1.8/channels/sip/include/sip.h
    team/irroot/distrotech-customers-1.8/channels/sip/sdp_crypto.c
Modified: team/irroot/distrotech-customers-1.8/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-1.8/channels/chan_sip.c?view=diff&rev=320161&r1=320160&r2=320161
==============================================================================
--- team/irroot/distrotech-customers-1.8/channels/chan_sip.c (original)
+++ team/irroot/distrotech-customers-1.8/channels/chan_sip.c Fri May 20 12:41:41 2011
@@ -5378,17 +5378,23 @@
 
 		if (p->rtp && !p->srtp && setup_srtp(&p->srtp) < 0) {
 			ast_log(LOG_WARNING, "SRTP audio setup failed\n");
-			return -1;
+			if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+				return -1;
+			}
 		}
 
 		if (p->vrtp && !p->vsrtp && setup_srtp(&p->vsrtp) < 0) {
 			ast_log(LOG_WARNING, "SRTP video setup failed\n");
-			return -1;
+			if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+				return -1;
+			}
 		}
 
 		if (p->trtp && !p->vsrtp && setup_srtp(&p->tsrtp) < 0) {
 			ast_log(LOG_WARNING, "SRTP text setup failed\n");
-			return -1;
+			if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+				return -1;
+			}
 		}
 	}
 
@@ -8775,27 +8781,43 @@
 
 	if (secure_audio && !(p->srtp && (ast_test_flag(p->srtp, SRTP_CRYPTO_OFFER_OK)))) {
 		ast_log(LOG_WARNING, "Can't provide secure audio requested in SDP offer\n");
-		return -4;
+		if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+			return -4;
+		}
 	}
 
 	if (!secure_audio && p->srtp) {
 		ast_log(LOG_WARNING, "We are requesting SRTP, but they responded without it!\n");
-		return -4;
+		if (ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+			sip_srtp_destroy(p->srtp);
+			p->srtp = NULL;
+		} else {
+			return -4;
+		}
 	}
 
 	if (secure_video && !(p->vsrtp && (ast_test_flag(p->vsrtp, SRTP_CRYPTO_OFFER_OK)))) {
 		ast_log(LOG_WARNING, "Can't provide secure video requested in SDP offer\n");
-		return -4;
+		if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+			return -4;
+		}
 	}
 
 	if (!p->novideo && !secure_video && p->vsrtp) {
 		ast_log(LOG_WARNING, "We are requesting SRTP, but they responded without it!\n");
-		return -4;
+		if (ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+			sip_srtp_destroy(p->vsrtp);
+			p->srtp = NULL;
+		} else {
+			return -4;
+		}
 	}
 
 	if (!(secure_audio || secure_video) && ast_test_flag(&p->flags[1], SIP_PAGE2_USE_SRTP)) {
 		ast_log(LOG_WARNING, "Matched device setup to use SRTP, but request was not!\n");
-		return -4;
+		if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+			return -4;
+		}
 	}
 
 	if (udptlportno == -1) {
@@ -10798,14 +10820,14 @@
 	}
 }
 
-static void get_crypto_attrib(struct sip_srtp *srtp, const char **a_crypto)
+static void get_crypto_attrib(struct sip_srtp *srtp, const char **a_crypto, int bitlen)
 {
 	/* Set encryption properties */
 	if (srtp) {
 		if (!srtp->crypto) {
 			srtp->crypto = sdp_crypto_setup();
 		}
-		if (srtp->crypto && (sdp_crypto_offer(srtp->crypto) >= 0)) {
+		if (srtp->crypto && (sdp_crypto_offer(srtp->crypto,bitlen) >= 0)) {
 			*a_crypto = sdp_crypto_attrib(srtp->crypto);
 		}
 
@@ -10965,7 +10987,7 @@
 		/* Ok, we need video. Let's add what we need for video and set codecs.
 		   Video is handled differently than audio since we can not transcode. */
 		if (needvideo) {
-			get_crypto_attrib(p->vsrtp, &v_a_crypto);
+			get_crypto_attrib(p->vsrtp, &v_a_crypto, ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_KEY32) ? 32 : 80);
 			ast_str_append(&m_video, 0, "m=video %d RTP/%s", ast_sockaddr_port(&vdest),
 				v_a_crypto ? "SAVP" : "AVP");
 
@@ -10982,7 +11004,7 @@
 		if (needtext) {
 			if (sipdebug_text)
 				ast_verbose("Lets set up the text sdp\n");
-			get_crypto_attrib(p->tsrtp, &t_a_crypto);
+			get_crypto_attrib(p->tsrtp, &t_a_crypto, ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_KEY32) ? 32 : 80);
 			ast_str_append(&m_text, 0, "m=text %d RTP/%s", ast_sockaddr_port(&tdest),
 				t_a_crypto ? "SAVP" : "AVP");
 			if (debug) {  /* XXX should I use tdest below ? */
@@ -10995,7 +11017,7 @@
 		/* We break with the "recommendation" and send our IP, in order that our
 		   peer doesn't have to ast_gethostbyname() us */
 
-		get_crypto_attrib(p->srtp, &a_crypto);
+		get_crypto_attrib(p->srtp, &a_crypto, ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_KEY32) ? 32 : 80);
 		ast_str_append(&m_audio, 0, "m=audio %d RTP/%s", ast_sockaddr_port(&dest),
 			a_crypto ? "SAVP" : "AVP");
 
@@ -22168,7 +22190,8 @@
 				transmit_response_with_t38_sdp(p, "200 OK", req, (reinvite ? XMIT_RELIABLE : (req->ignore ?  XMIT_UNRELIABLE : XMIT_CRITICAL)));
 			} else if ((p->t38.state == T38_DISABLED) || (p->t38.state == T38_REJECTED)) {
 				/* If this is not a re-invite or something to ignore - it's critical */
-				if (p->srtp && !ast_test_flag(p->srtp, SRTP_CRYPTO_OFFER_OK)) {
+				if (p->srtp && !ast_test_flag(p->srtp, SRTP_CRYPTO_OFFER_OK) &&
+				    !ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
 					ast_log(LOG_WARNING, "Target does not support required crypto\n");
 					transmit_response_reliable(p, "488 Not Acceptable Here (crypto)", req);
 				} else {
@@ -25839,6 +25862,27 @@
 	} else if (!strcasecmp(v->name, "buggymwi")) {
 		ast_set_flag(&mask[1], SIP_PAGE2_BUGGY_MWI);
 		ast_set2_flag(&flags[1], ast_true(v->value), SIP_PAGE2_BUGGY_MWI);
+	} else if (!strcasecmp(v->name, "encryption")) {
+		char *buf = ast_strdupa(v->value);
+		char *word, *next = buf;
+
+		ast_set_flag(&mask[1], SIP_PAGE2_USE_SRTP);
+		ast_set_flag(&mask[2], SIP_PAGE3_SRTP_TRY);
+		ast_set_flag(&mask[2], SIP_PAGE3_SRTP_KEY32);
+		ast_clear_flag(&flags[2], SIP_PAGE3_SRTP_KEY32);
+
+		while ((word = strsep(&next, ","))) {
+			if (!strcasecmp(word,"try")) {
+				ast_set_flag(&flags[1], SIP_PAGE2_USE_SRTP);
+				ast_set_flag(&flags[2], SIP_PAGE3_SRTP_TRY);
+			} else if (strcasecmp(word,"32bit")) {
+				ast_set_flag(&flags[2], SIP_PAGE3_SRTP_KEY32);
+			} else if (ast_true(word) || ast_false(word)) {
+				ast_set2_flag(&flags[2], ast_true(word), SIP_PAGE3_SRTP_TRY);
+				ast_clear_flag(&flags[2], SIP_PAGE3_SRTP_TRY);
+			}
+		}
+
 	} else
 		res = 0;
 
@@ -26576,8 +26620,6 @@
 				ast_string_field_set(peer, unsolicited_mailbox, v->value);
 			} else if (!strcasecmp(v->name, "use_q850_reason")) {
 				ast_set2_flag(&peer->flags[1], ast_true(v->value), SIP_PAGE2_Q850_REASON);
-			} else if (!strcasecmp(v->name, "encryption")) {
-				ast_set2_flag(&peer->flags[1], ast_true(v->value), SIP_PAGE2_USE_SRTP);
 			} else if (!strcasecmp(v->name, "snom_aoc_enabled")) {
 				ast_set2_flag(&peer->flags[2], ast_true(v->value), SIP_PAGE3_SNOM_AOC);
 			}
Modified: team/irroot/distrotech-customers-1.8/channels/sip/include/sdp_crypto.h
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-1.8/channels/sip/include/sdp_crypto.h?view=diff&rev=320161&r1=320160&r2=320161
==============================================================================
--- team/irroot/distrotech-customers-1.8/channels/sip/include/sdp_crypto.h (original)
+++ team/irroot/distrotech-customers-1.8/channels/sip/include/sdp_crypto.h Fri May 20 12:41:41 2011
@@ -68,7 +68,7 @@
  * \retval 0 success
  * \retval nonzero failure
  */
-int sdp_crypto_offer(struct sdp_crypto *p);
+int sdp_crypto_offer(struct sdp_crypto *p, int bitlen);
 
 
 /*! \brief Return the a_crypto value of the sdp_crypto struct
Modified: team/irroot/distrotech-customers-1.8/channels/sip/include/sip.h
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-1.8/channels/sip/include/sip.h?view=diff&rev=320161&r1=320160&r2=320161
==============================================================================
--- team/irroot/distrotech-customers-1.8/channels/sip/include/sip.h (original)
+++ team/irroot/distrotech-customers-1.8/channels/sip/include/sip.h Fri May 20 12:41:41 2011
@@ -351,9 +351,11 @@
 
 
 #define SIP_PAGE3_SNOM_AOC               (1 << 0)  /*!< DPG: Allow snom aoc messages */
+#define SIP_PAGE3_SRTP_KEY32             (1 << 1)
+#define SIP_PAGE3_SRTP_TRY               (1 << 2)
 
 #define SIP_PAGE3_FLAGS_TO_COPY \
-	(SIP_PAGE3_SNOM_AOC)
+	(SIP_PAGE3_SNOM_AOC | SIP_PAGE3_SRTP_KEY32 | SIP_PAGE3_SRTP_TRY)
 
 /*@}*/
 
Modified: team/irroot/distrotech-customers-1.8/channels/sip/sdp_crypto.c
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-1.8/channels/sip/sdp_crypto.c?view=diff&rev=320161&r1=320160&r2=320161
==============================================================================
--- team/irroot/distrotech-customers-1.8/channels/sip/sdp_crypto.c (original)
+++ team/irroot/distrotech-customers-1.8/channels/sip/sdp_crypto.c Fri May 20 12:41:41 2011
@@ -283,16 +283,16 @@
 	return 0;
 }
 
-int sdp_crypto_offer(struct sdp_crypto *p)
+int sdp_crypto_offer(struct sdp_crypto *p,int bitlen)
 {
 	char crypto_buf[128];
-	const char *crypto_suite = "AES_CM_128_HMAC_SHA1_80"; /* Crypto offer */
 
 	if (p->a_crypto) {
 		ast_free(p->a_crypto);
 	}
 
-	if (snprintf(crypto_buf, sizeof(crypto_buf), "a=crypto:1 %s inline:%s\r\n",  crypto_suite, p->local_key64) < 1) {
+	if (snprintf(crypto_buf, sizeof(crypto_buf), "a=crypto:1 AES_CM_128_HMAC_SHA1_%i inline:%s\r\n",
+			bitlen, p->local_key64) < 1) {
 		return -1;
 	}
 
    
    
More information about the svn-commits
mailing list