res_rtp_asterisk: Use separate SRTP session for RTCP with DTLS

Asterisk uses separate UDP ports for RTP and RTCP traffic and RFC 5764
explicitly states:

  There MUST be a separate DTLS-SRTP session for each distinct pair of
  source and destination ports used by a media session

This means RTP keying material cannot be used for DTLS RTCP, which was
the reason why RTCP encryption would fail.

ASTERISK-25642

Change-Id: I7e8779d8b63e371088081bb113131361b2847e3a
Jacek Konieczny
2016-03-25 16:59:05 +01:00
committed by Joshua Colp
parent 36d016b1ab
commit 0cfab30b28
4 changed files with 42 additions and 22 deletions


@@ -2191,20 +2191,22 @@ int ast_rtp_instance_sendcng(struct ast_rtp_instance *instance, int level);
* \param instance the RTP instance
* \param remote_policy the remote endpoint's policy
* \param local_policy our policy for this RTP instance's remote endpoint
* \param rtcp 1 for dedicated RTCP policies
*
* \retval 0 Success
* \retval non-zero Failure
*/
int ast_rtp_instance_add_srtp_policy(struct ast_rtp_instance *instance, struct ast_srtp_policy* remote_policy, struct ast_srtp_policy *local_policy);
int ast_rtp_instance_add_srtp_policy(struct ast_rtp_instance *instance, struct ast_srtp_policy* remote_policy, struct ast_srtp_policy *local_policy, int rtcp);
/*!
* \brief Obtain the SRTP instance associated with an RTP instance
*
* \param instance the RTP instance
* \param rtcp 1 to request instance for RTCP
* \retval the SRTP instance on success
* \retval NULL if no SRTP instance exists
*/
struct ast_srtp *ast_rtp_instance_get_srtp(struct ast_rtp_instance *instance);
struct ast_srtp *ast_rtp_instance_get_srtp(struct ast_rtp_instance *instance, int rtcp);
/*! \brief Custom formats declared in codecs.conf at startup must be communicated to the rtp_engine
* so their mime type can payload number can be initialized. */
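Review bot: The doc comment for `ast_rtp_instance_get_srtp()` does not say what a caller gets with `rtcp` set to 1 when no dedicated RTCP SRTP instance was ever added. `\retval NULL if no SRTP instance exists` can be read as either returning NULL or falling back to the RTP instance. Please state which it is, since callers that use NULL to mean "SRTP not in use" need to know whether that check still holds on the RTCP path. In `ast_rtp_instance_add_srtp_policy()`, `\param rtcp 1 for dedicated RTCP policies` leaves the 0 case implicit; spell out that 0 applies the policies to RTP. The new `\param rtcp` line in the second comment also runs straight into `\retval` without the blank ` *` separator that the first comment block uses. Both prototypes change signature in place, so any caller not updated in this change (including out-of-tree modules) will fail to build; a note in the commit message or upgrade notes would help.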