1st pass to add secure RTP
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@1102 d0543943-73ff-0310-b7d9-9358b9ac24b2
This commit is contained in:
parent
786bf4d1cb
commit
7a578a8951
|
@ -85,6 +85,7 @@ SWITCH_DECLARE(switch_status)switch_rtp_create(switch_rtp **new_rtp_session,
|
|||
uint32_t packet_size,
|
||||
uint32_t ms_per_packet,
|
||||
switch_rtp_flag_t flags,
|
||||
char *crypto_key,
|
||||
const char **err,
|
||||
switch_memory_pool *pool);
|
||||
|
||||
|
@ -111,6 +112,7 @@ SWITCH_DECLARE(switch_rtp *)switch_rtp_new(char *rx_host,
|
|||
uint32_t packet_size,
|
||||
uint32_t ms_per_packet,
|
||||
switch_rtp_flag_t flags,
|
||||
char *crypto_key,
|
||||
const char **err,
|
||||
switch_memory_pool *pool);
|
||||
|
||||
|
|
|
@ -1290,6 +1290,7 @@ static ldl_status handle_signalling(ldl_handle_t *handle, ldl_session_t *dlsessi
|
|||
tech_pvt->read_codec.implementation->encoded_bytes_per_frame,
|
||||
tech_pvt->read_codec.implementation->microseconds_per_frame,
|
||||
0,
|
||||
NULL,
|
||||
&err, switch_core_session_get_pool(tech_pvt->session)))) {
|
||||
switch_console_printf(SWITCH_CHANNEL_CONSOLE, "RTP ERROR %s\n", err);
|
||||
switch_channel_hangup(channel);
|
||||
|
|
|
@ -89,6 +89,7 @@ static struct {
|
|||
int codec_ms;
|
||||
int dtmf_duration;
|
||||
unsigned int flags;
|
||||
char *crypto_key;
|
||||
} globals;
|
||||
|
||||
struct private_object {
|
||||
|
@ -137,6 +138,7 @@ SWITCH_DECLARE_GLOBAL_STRING_FUNC(set_global_dialplan, globals.dialplan)
|
|||
SWITCH_DECLARE_GLOBAL_STRING_FUNC(set_global_extip, globals.extip)
|
||||
SWITCH_DECLARE_GLOBAL_STRING_FUNC(set_global_ip, globals.ip)
|
||||
SWITCH_DECLARE_GLOBAL_STRING_FUNC(set_global_codec_string, globals.codec_string)
|
||||
SWITCH_DECLARE_GLOBAL_STRING_FUNC(set_global_crypto_key, globals.crypto_key)
|
||||
|
||||
static switch_status exosip_on_init(switch_core_session *session);
|
||||
static switch_status exosip_on_hangup(switch_core_session *session);
|
||||
|
@ -482,6 +484,7 @@ static switch_status activate_rtp(struct private_object *tech_pvt)
|
|||
tech_pvt->read_codec.implementation->encoded_bytes_per_frame,
|
||||
ms,
|
||||
0,
|
||||
globals.crypto_key,
|
||||
&err, switch_core_session_get_pool(tech_pvt->session));
|
||||
|
||||
if (tech_pvt->rtp_session) {
|
||||
|
@ -1572,6 +1575,8 @@ static int config_exosip(int reload)
|
|||
set_global_ip(val);
|
||||
} else if (!strcmp(var, "dialplan")) {
|
||||
set_global_dialplan(val);
|
||||
} else if (!strcmp(var, "crypto_key")) {
|
||||
set_global_crypto_key(val);
|
||||
} else if (!strcmp(var, "codec_prefs")) {
|
||||
set_global_codec_string(val);
|
||||
globals.codec_order_last = switch_separate_string(globals.codec_string, ',', globals.codec_order, SWITCH_MAX_CODECS);
|
||||
|
|
|
@ -44,6 +44,8 @@
|
|||
#define RTP_START_PORT 16384
|
||||
#define RTP_END_PORT 32768
|
||||
#define SWITCH_RTP_CNG_PAYLOAD 13
|
||||
#define MAX_KEY_LEN 64
|
||||
#define MASTER_KEY_LEN 30
|
||||
|
||||
static switch_port_t NEXT_PORT = RTP_START_PORT;
|
||||
static switch_mutex_t *port_lock = NULL;
|
||||
|
@ -244,6 +246,7 @@ SWITCH_DECLARE(switch_status) switch_rtp_create(switch_rtp **new_rtp_session,
|
|||
uint32_t packet_size,
|
||||
uint32_t ms_per_packet,
|
||||
switch_rtp_flag_t flags,
|
||||
char *crypto_key,
|
||||
const char **err,
|
||||
switch_memory_pool *pool)
|
||||
{
|
||||
|
@ -269,27 +272,60 @@ SWITCH_DECLARE(switch_status) switch_rtp_create(switch_rtp **new_rtp_session,
|
|||
/* for from address on recvfrom calls */
|
||||
switch_sockaddr_info_get(&rtp_session->from_addr, NULL, SWITCH_UNSPEC, 0, 0, rtp_session->pool);
|
||||
|
||||
memset(&policy, 0, sizeof(policy));
|
||||
if (crypto_key) {
|
||||
int len;
|
||||
|
||||
crypto_policy_set_rtp_default(&policy.rtp);
|
||||
crypto_policy_set_rtcp_default(&policy.rtcp);
|
||||
policy.ssrc.type = ssrc_specific;
|
||||
policy.ssrc.value = ssrc;
|
||||
policy.key = (uint8_t *) key;
|
||||
policy.next = NULL;
|
||||
policy.rtp.sec_serv = sec_serv_conf_and_auth;
|
||||
policy.rtcp.sec_serv = sec_serv_none; /* we don't do RTCP anyway */
|
||||
|
||||
|
||||
|
||||
policy.key = (uint8_t *)key;
|
||||
policy.ssrc.type = ssrc_specific;
|
||||
policy.ssrc.value = ssrc;
|
||||
policy.rtp.cipher_type = NULL_CIPHER;
|
||||
policy.rtp.cipher_key_len = 0;
|
||||
policy.rtp.auth_type = NULL_AUTH;
|
||||
policy.rtp.auth_key_len = 0;
|
||||
policy.rtp.auth_tag_len = 0;
|
||||
policy.rtp.sec_serv = sec_serv_none;
|
||||
policy.rtcp.cipher_type = NULL_CIPHER;
|
||||
policy.rtcp.cipher_key_len = 0;
|
||||
policy.rtcp.auth_type = NULL_AUTH;
|
||||
policy.rtcp.auth_key_len = 0;
|
||||
policy.rtcp.auth_tag_len = 0;
|
||||
policy.rtcp.sec_serv = sec_serv_none;
|
||||
policy.next = NULL;
|
||||
|
||||
/*
|
||||
* read key from hexadecimal on command line into an octet string
|
||||
*/
|
||||
len = hex_string_to_octet_string(key, crypto_key, MASTER_KEY_LEN*2);
|
||||
|
||||
/* check that hex string is the right length */
|
||||
if (len < MASTER_KEY_LEN*2) {
|
||||
switch_console_printf(SWITCH_CHANNEL_CONSOLE,
|
||||
"error: too few digits in key/salt "
|
||||
"(should be %d hexadecimal digits, found %d)\n",
|
||||
MASTER_KEY_LEN*2, len);
|
||||
return SWITCH_STATUS_FALSE;
|
||||
}
|
||||
if (strlen(crypto_key) > MASTER_KEY_LEN*2) {
|
||||
switch_console_printf(SWITCH_CHANNEL_CONSOLE,
|
||||
"error: too many digits in key/salt "
|
||||
"(should be %d hexadecimal digits, found %u)\n",
|
||||
MASTER_KEY_LEN*2, (unsigned)strlen(crypto_key));
|
||||
return SWITCH_STATUS_FALSE;
|
||||
}
|
||||
|
||||
switch_console_printf(SWITCH_CHANNEL_CONSOLE, "set master key/salt to %s/", octet_string_hex_string(key, 16));
|
||||
switch_console_printf(SWITCH_CHANNEL_CONSOLE, "%s\n", octet_string_hex_string(key+16, 14));
|
||||
} else {
|
||||
policy.key = (uint8_t *)key;
|
||||
policy.ssrc.type = ssrc_specific;
|
||||
policy.ssrc.value = ssrc;
|
||||
policy.rtp.cipher_type = NULL_CIPHER;
|
||||
policy.rtp.cipher_key_len = 0;
|
||||
policy.rtp.auth_type = NULL_AUTH;
|
||||
policy.rtp.auth_key_len = 0;
|
||||
policy.rtp.auth_tag_len = 0;
|
||||
policy.rtp.sec_serv = sec_serv_none;
|
||||
policy.rtcp.cipher_type = NULL_CIPHER;
|
||||
policy.rtcp.cipher_key_len = 0;
|
||||
policy.rtcp.auth_type = NULL_AUTH;
|
||||
policy.rtcp.auth_key_len = 0;
|
||||
policy.rtcp.auth_tag_len = 0;
|
||||
policy.rtcp.sec_serv = sec_serv_none;
|
||||
policy.next = NULL;
|
||||
}
|
||||
rtp_session->send_msg.header.ssrc = htonl(ssrc);
|
||||
rtp_session->send_msg.header.ts = 0;
|
||||
rtp_session->send_msg.header.seq = (uint16_t) rand();
|
||||
|
@ -331,12 +367,13 @@ SWITCH_DECLARE(switch_rtp *)switch_rtp_new(char *rx_host,
|
|||
uint32_t packet_size,
|
||||
uint32_t ms_per_packet,
|
||||
switch_rtp_flag_t flags,
|
||||
char *crypto_key,
|
||||
const char **err,
|
||||
switch_memory_pool *pool)
|
||||
{
|
||||
switch_rtp *rtp_session;
|
||||
|
||||
if (switch_rtp_create(&rtp_session, payload, packet_size, ms_per_packet, flags, err, pool) != SWITCH_STATUS_SUCCESS) {
|
||||
if (switch_rtp_create(&rtp_session, payload, packet_size, ms_per_packet, flags, crypto_key, err, pool) != SWITCH_STATUS_SUCCESS) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue