kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-12 15:45:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add DTLS-SRTP support to chan_pjsip

Browse Source 
This patch introduces DTLS-SRTP support to chan_pjsip and the options
necessary to configure it including an option to allow choosing between
32 and 80 byte SRTP tag lengths.

During the implementation and testing of this patch, three other bugs
were found and their fixes are included with this patch. The two in
chan_sip were a segfault relating to DTLS setup and mistaken call
rejection. The third bug fix prevents chan_pjsip from attempting to
perform bridge optimization between two endpoints if either of them is
running any form of SRTP.

Review: https://reviewboard.asterisk.org/r/2683/
(closes issue ASTERISK-21419)


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@395121 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Kinsey Moore
2013-07-23 13:52:06 +00:00
parent f6a227a451
commit 98504fec8e
8 changed files with 362 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
channels/chan_gulp.c
View File

@@ -384,6 +384,10 @@ static enum ast_rtp_glue_result gulp_get_rtp_peer(struct ast_channel *chan, stru
ao2_ref(*instance, +1);
ast_assert(endpoint != NULL);
if (endpoint->media_encryption != AST_SIP_MEDIA_ENCRYPT_NONE) {
return AST_RTP_GLUE_RESULT_FORBID;
}
if (endpoint->direct_media) {
return AST_RTP_GLUE_RESULT_REMOTE;
}
@@ -396,14 +400,22 @@ static enum ast_rtp_glue_result gulp_get_vrtp_peer(struct ast_channel *chan, str
{
struct ast_sip_channel_pvt *channel = ast_channel_tech_pvt(chan);
struct gulp_pvt *pvt = channel->pvt;
struct ast_sip_endpoint *endpoint;
if (!pvt || !channel->session || !pvt->media[SIP_MEDIA_VIDEO]->rtp) {
return AST_RTP_GLUE_RESULT_FORBID;
}
endpoint = channel->session->endpoint;
*instance = pvt->media[SIP_MEDIA_VIDEO]->rtp;
ao2_ref(*instance, +1);
ast_assert(endpoint != NULL);
if (endpoint->media_encryption != AST_SIP_MEDIA_ENCRYPT_NONE) {
return AST_RTP_GLUE_RESULT_FORBID;
}
return AST_RTP_GLUE_RESULT_LOCAL;
}

12
channels/chan_sip.c
View File

@@ -10193,6 +10193,7 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req, int t38action
} else if (!strcmp(protocol, "UDP/TLS/RTP/SAVP") || !strcmp(protocol, "UDP/TLS/RTP/SAVPF")) {
secure_audio = 1;
processed_crypto = 1;
if (p->srtp) {
ast_set_flag(p->srtp, AST_SRTP_CRYPTO_OFFER_OK);
}
@@ -10275,6 +10276,7 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req, int t38action
} else if (!strcmp(protocol, "UDP/TLS/RTP/SAVP") || !strcmp(protocol, "UDP/TLS/RTP/SAVPF")) {
secure_video = 1;
processed_crypto = 1;
if (p->vsrtp || (p->vsrtp = ast_sdp_srtp_alloc())) {
ast_set_flag(p->vsrtp, AST_SRTP_CRYPTO_OFFER_OK);
}
@@ -13036,13 +13038,17 @@ static void get_our_media_address(struct sip_pvt *p, int needvideo, int needtext
static char *crypto_get_attrib(struct ast_sdp_srtp *srtp, int dtls_enabled, int default_taglen_32)
{
char *a_crypto;
char *orig_crypto;
const char *orig_crypto;
if (!srtp) {
if (!srtp || dtls_enabled) {
return NULL;
}
orig_crypto = ast_sdp_srtp_get_attrib(srtp, dtls_enabled, default_taglen_32);
if (ast_strlen_zero(orig_crypto)) {
return NULL;
}
orig_crypto = ast_strdupa(ast_sdp_srtp_get_attrib(srtp, dtls_enabled, default_taglen_32));
if (ast_asprintf(&a_crypto, "a=crypto:%s\r\n", orig_crypto) == -1) {
return NULL;
}