Commit 2cc27d66 authored by jehan's avatar jehan Committed by Ghislain MARY

fix wrong selection of sender crypto’s key in case of an incoming offer with...

fix wrong selection of sender crypto’s key in case of an incoming offer whose matching crypto is not the first.
parent 08d269b6
...@@ -173,7 +173,6 @@ private: ...@@ -173,7 +173,6 @@ private:
SalMulticastRole getMulticastRole (SalStreamType type); SalMulticastRole getMulticastRole (SalStreamType type);
void joinMulticastGroup (int streamIndex, MediaStream *ms); void joinMulticastGroup (int streamIndex, MediaStream *ms);
int findCryptoIndexFromTag (const SalSrtpCryptoAlgo crypto[], unsigned char tag);
void setDtlsFingerprint (MSMediaStreamSessions *sessions, const SalStreamDescription *sd, const SalStreamDescription *remote); void setDtlsFingerprint (MSMediaStreamSessions *sessions, const SalStreamDescription *sd, const SalStreamDescription *remote);
void setDtlsFingerprintOnAllStreams (); void setDtlsFingerprintOnAllStreams ();
void setupDtlsParams (MediaStream *ms); void setupDtlsParams (MediaStream *ms);
......
...@@ -1773,14 +1773,6 @@ void MediaSessionPrivate::joinMulticastGroup (int streamIndex, MediaStream *ms) ...@@ -1773,14 +1773,6 @@ void MediaSessionPrivate::joinMulticastGroup (int streamIndex, MediaStream *ms)
// ----------------------------------------------------------------------------- // -----------------------------------------------------------------------------
int MediaSessionPrivate::findCryptoIndexFromTag (const SalSrtpCryptoAlgo crypto[], unsigned char tag) {
for (int i = 0; i < SAL_CRYPTO_ALGO_MAX; i++) {
if (crypto[i].tag == tag)
return i;
}
return -1;
}
void MediaSessionPrivate::setDtlsFingerprint (MSMediaStreamSessions *sessions, const SalStreamDescription *sd, const SalStreamDescription *remote) { void MediaSessionPrivate::setDtlsFingerprint (MSMediaStreamSessions *sessions, const SalStreamDescription *sd, const SalStreamDescription *remote) {
if (sal_stream_description_has_dtls(sd)) { if (sal_stream_description_has_dtls(sd)) {
if (sd->dtls_role == SalDtlsRoleInvalid) if (sd->dtls_role == SalDtlsRoleInvalid)
...@@ -1945,7 +1937,7 @@ void MediaSessionPrivate::updateCryptoParameters (SalMediaDescription *oldMd, Sa ...@@ -1945,7 +1937,7 @@ void MediaSessionPrivate::updateCryptoParameters (SalMediaDescription *oldMd, Sa
} }
bool MediaSessionPrivate::updateStreamCryptoParameters (const SalStreamDescription *localStreamDesc, SalStreamDescription *oldStream, SalStreamDescription *newStream, MediaStream *ms) { bool MediaSessionPrivate::updateStreamCryptoParameters (const SalStreamDescription *localStreamDesc, SalStreamDescription *oldStream, SalStreamDescription *newStream, MediaStream *ms) {
int cryptoIdx = findCryptoIndexFromTag(localStreamDesc->crypto, static_cast<unsigned char>(newStream->crypto_local_tag)); int cryptoIdx = Sal::findCryptoIndexFromTag(localStreamDesc->crypto, static_cast<unsigned char>(newStream->crypto_local_tag));
if (cryptoIdx >= 0) { if (cryptoIdx >= 0) {
if (localDescChanged & SAL_MEDIA_DESCRIPTION_CRYPTO_KEYS_CHANGED) if (localDescChanged & SAL_MEDIA_DESCRIPTION_CRYPTO_KEYS_CHANGED)
ms_media_stream_sessions_set_srtp_send_key_b64(&ms->sessions, newStream->crypto[0].algo, localStreamDesc->crypto[cryptoIdx].master_key); ms_media_stream_sessions_set_srtp_send_key_b64(&ms->sessions, newStream->crypto[0].algo, localStreamDesc->crypto[cryptoIdx].master_key);
...@@ -2759,7 +2751,7 @@ void MediaSessionPrivate::startAudioStream (CallSession::State targetState, bool ...@@ -2759,7 +2751,7 @@ void MediaSessionPrivate::startAudioStream (CallSession::State targetState, bool
// Valid local tags are > 0 // Valid local tags are > 0
if (sal_stream_description_has_srtp(stream)) { if (sal_stream_description_has_srtp(stream)) {
const SalStreamDescription *localStreamDesc = sal_media_description_find_stream(localDesc, stream->proto, SalAudio); const SalStreamDescription *localStreamDesc = sal_media_description_find_stream(localDesc, stream->proto, SalAudio);
int cryptoIdx = findCryptoIndexFromTag(localStreamDesc->crypto, static_cast<unsigned char>(stream->crypto_local_tag)); int cryptoIdx = Sal::findCryptoIndexFromTag(localStreamDesc->crypto, static_cast<unsigned char>(stream->crypto_local_tag));
if (cryptoIdx >= 0) { if (cryptoIdx >= 0) {
ms_media_stream_sessions_set_srtp_recv_key_b64(&audioStream->ms.sessions, stream->crypto[0].algo, stream->crypto[0].master_key); ms_media_stream_sessions_set_srtp_recv_key_b64(&audioStream->ms.sessions, stream->crypto[0].algo, stream->crypto[0].master_key);
ms_media_stream_sessions_set_srtp_send_key_b64(&audioStream->ms.sessions, stream->crypto[0].algo, localStreamDesc->crypto[cryptoIdx].master_key); ms_media_stream_sessions_set_srtp_send_key_b64(&audioStream->ms.sessions, stream->crypto[0].algo, localStreamDesc->crypto[cryptoIdx].master_key);
...@@ -2942,7 +2934,7 @@ void MediaSessionPrivate::startTextStream () { ...@@ -2942,7 +2934,7 @@ void MediaSessionPrivate::startTextStream () {
getCurrentParams()->getPrivate()->setUsedRealtimeTextCodec(rtp_profile_get_payload(textProfile, usedPt)); getCurrentParams()->getPrivate()->setUsedRealtimeTextCodec(rtp_profile_get_payload(textProfile, usedPt));
getCurrentParams()->enableRealtimeText(true); getCurrentParams()->enableRealtimeText(true);
if (sal_stream_description_has_srtp(tstream)) { if (sal_stream_description_has_srtp(tstream)) {
int cryptoIdx = findCryptoIndexFromTag(localStreamDesc->crypto, static_cast<unsigned char>(tstream->crypto_local_tag)); int cryptoIdx = Sal::findCryptoIndexFromTag(localStreamDesc->crypto, static_cast<unsigned char>(tstream->crypto_local_tag));
if (cryptoIdx >= 0) { if (cryptoIdx >= 0) {
ms_media_stream_sessions_set_srtp_recv_key_b64(&textStream->ms.sessions, tstream->crypto[0].algo, tstream->crypto[0].master_key); ms_media_stream_sessions_set_srtp_recv_key_b64(&textStream->ms.sessions, tstream->crypto[0].algo, tstream->crypto[0].master_key);
ms_media_stream_sessions_set_srtp_send_key_b64(&textStream->ms.sessions, tstream->crypto[0].algo, localStreamDesc->crypto[cryptoIdx].master_key); ms_media_stream_sessions_set_srtp_send_key_b64(&textStream->ms.sessions, tstream->crypto[0].algo, localStreamDesc->crypto[cryptoIdx].master_key);
...@@ -3035,7 +3027,7 @@ void MediaSessionPrivate::startVideoStream (CallSession::State targetState) { ...@@ -3035,7 +3027,7 @@ void MediaSessionPrivate::startVideoStream (CallSession::State targetState) {
if (isActive) { if (isActive) {
if (sal_stream_description_has_srtp(vstream)) { if (sal_stream_description_has_srtp(vstream)) {
const SalStreamDescription *localStreamDesc = sal_media_description_find_stream(localDesc, vstream->proto, SalVideo); const SalStreamDescription *localStreamDesc = sal_media_description_find_stream(localDesc, vstream->proto, SalVideo);
int cryptoIdx = findCryptoIndexFromTag(localStreamDesc->crypto, static_cast<unsigned char>(vstream->crypto_local_tag)); int cryptoIdx = Sal::findCryptoIndexFromTag(localStreamDesc->crypto, static_cast<unsigned char>(vstream->crypto_local_tag));
if (cryptoIdx >= 0) { if (cryptoIdx >= 0) {
ms_media_stream_sessions_set_srtp_recv_key_b64(&videoStream->ms.sessions, vstream->crypto[0].algo, vstream->crypto[0].master_key); ms_media_stream_sessions_set_srtp_recv_key_b64(&videoStream->ms.sessions, vstream->crypto[0].algo, vstream->crypto[0].master_key);
ms_media_stream_sessions_set_srtp_send_key_b64(&videoStream->ms.sessions, vstream->crypto[0].algo, localStreamDesc->crypto[cryptoIdx].master_key); ms_media_stream_sessions_set_srtp_send_key_b64(&videoStream->ms.sessions, vstream->crypto[0].algo, localStreamDesc->crypto[cryptoIdx].master_key);
......
...@@ -352,8 +352,13 @@ void SalCallOp::sdpProcess () { ...@@ -352,8 +352,13 @@ void SalCallOp::sdpProcess () {
mResult->streams[i].rtp_port = mRemoteMedia->streams[i].rtp_port; mResult->streams[i].rtp_port = mRemoteMedia->streams[i].rtp_port;
strcpy(mResult->streams[i].rtcp_addr, mRemoteMedia->streams[i].rtcp_addr); strcpy(mResult->streams[i].rtcp_addr, mRemoteMedia->streams[i].rtcp_addr);
mResult->streams[i].rtcp_port = mRemoteMedia->streams[i].rtcp_port; mResult->streams[i].rtcp_port = mRemoteMedia->streams[i].rtcp_port;
if (sal_stream_description_has_srtp(&mResult->streams[i])) if (sal_stream_description_has_srtp(&mResult->streams[i])) {
mResult->streams[i].crypto[0] = mRemoteMedia->streams[i].crypto[0]; int cryptoIdx = Sal::findCryptoIndexFromTag( mRemoteMedia->streams[i].crypto, static_cast<unsigned char>(mResult->streams[i].crypto[0].tag));
if (cryptoIdx >= 0)
mResult->streams[i].crypto[0] = mRemoteMedia->streams[i].crypto[cryptoIdx];
else
lError() << "Failed to find crypto algo with tag: " << mResult->streams[i].crypto_local_tag << "from resulting description [" << mResult << "]";
}
} }
} }
} }
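Review bot: The new `else` branch in sdpProcess only logs, so when no remote crypto entry carries the selected tag the stream keeps whatever `mResult->streams[i].crypto[0]` already held and still reports SRTP. The media-session code shown on this page passes `crypto[0].master_key` of the negotiated stream to `ms_media_stream_sessions_set_srtp_recv_key_b64`, so that path would presumably install a receive key the peer never offered; failing closed here (rejecting or disabling the stream) looks safer than continuing. The message also prints `crypto_local_tag` although the lookup used `crypto[0].tag`, and it lacks a space before `from`; `<< mResult->streams[i].crypto[0].tag << " from resulting description ["` would log the value actually searched. sdpProcess starts and ends outside this hunk.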
......
...@@ -808,6 +808,13 @@ belle_sip_response_t *Sal::createResponseFromRequest (belle_sip_request_t *reque ...@@ -808,6 +808,13 @@ belle_sip_response_t *Sal::createResponseFromRequest (belle_sip_request_t *reque
return response; return response;
} }
int Sal::findCryptoIndexFromTag (const SalSrtpCryptoAlgo crypto[], unsigned char tag) {
for (int i = 0; i < SAL_CRYPTO_ALGO_MAX; i++) {
if (crypto[i].tag == tag)
return i;
}
return -1;
}
//*********************************** //***********************************
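Review bot: `Sal::findCryptoIndexFromTag` takes the tag as `unsigned char`, and every caller on this page narrows with `static_cast<unsigned char>`. If `SalSrtpCryptoAlgo::tag` is wider than one byte (its declaration is not visible here), a tag above 255 coming from a remote description is truncated before the comparison and may select a different entry; taking the parameter in the field's own type would remove the casts. The function also has no comment, and the array length is implied rather than passed, so I would add `// Returns the index of the first entry whose tag equals 'tag', or -1; 'crypto' must hold SAL_CRYPTO_ALGO_MAX entries.` above it.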
......
...@@ -249,6 +249,8 @@ public: ...@@ -249,6 +249,8 @@ public:
belle_sip_source_t *createTimer (belle_sip_source_func_t func, void *data, unsigned int timeoutValueMs, const std::string &timerName); belle_sip_source_t *createTimer (belle_sip_source_func_t func, void *data, unsigned int timeoutValueMs, const std::string &timerName);
void cancelTimer (belle_sip_source_t *timer); void cancelTimer (belle_sip_source_t *timer);
//utils
static int findCryptoIndexFromTag (const SalSrtpCryptoAlgo crypto[], unsigned char tag);
private: private:
struct SalUuid { struct SalUuid {
......
...@@ -2674,6 +2674,13 @@ static void srtp_call(void) { ...@@ -2674,6 +2674,13 @@ static void srtp_call(void) {
call_base(LinphoneMediaEncryptionSRTP,FALSE,FALSE,LinphonePolicyNoFirewall,FALSE); call_base(LinphoneMediaEncryptionSRTP,FALSE,FALSE,LinphonePolicyNoFirewall,FALSE);
} }
/*
*Purpose of this test is to check that even if caller and callee does not have exactly the same crypto suite configured, the matching crypto suite is used.
*/
static void srtp_call_with_different_crypto_suite(void) {
call_base_with_configfile(LinphoneMediaEncryptionSRTP,FALSE,FALSE,LinphonePolicyNoFirewall,FALSE, "laure_tcp_rc", "marie_rc");
}
static void zrtp_call(void) { static void zrtp_call(void) {
call_base(LinphoneMediaEncryptionZRTP,FALSE,FALSE,LinphonePolicyNoFirewall,FALSE); call_base(LinphoneMediaEncryptionZRTP,FALSE,FALSE,LinphonePolicyNoFirewall,FALSE);
} }
...@@ -6574,6 +6581,7 @@ test_t call_tests[] = { ...@@ -6574,6 +6581,7 @@ test_t call_tests[] = {
TEST_NO_TAG("Call paused resumed with loss", call_paused_resumed_with_loss), TEST_NO_TAG("Call paused resumed with loss", call_paused_resumed_with_loss),
TEST_NO_TAG("Call paused resumed from callee", call_paused_resumed_from_callee), TEST_NO_TAG("Call paused resumed from callee", call_paused_resumed_from_callee),
TEST_NO_TAG("SRTP call", srtp_call), TEST_NO_TAG("SRTP call", srtp_call),
TEST_NO_TAG("SRTP call with different crypto suite", srtp_call_with_different_crypto_suite),
TEST_NO_TAG("ZRTP call", zrtp_call), TEST_NO_TAG("ZRTP call", zrtp_call),
TEST_NO_TAG("ZRTP silent call", zrtp_silent_call), TEST_NO_TAG("ZRTP silent call", zrtp_silent_call),
TEST_NO_TAG("ZRTP SAS call", zrtp_sas_call), TEST_NO_TAG("ZRTP SAS call", zrtp_sas_call),
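Review bot: `srtp_call_with_different_crypto_suite` covers only the case where a common suite exists; the new error branch in `SalCallOp::sdpProcess` (no remote entry with the matching tag) is not exercised by anything in this section. A companion case in which the two configurations share no suite, asserting that the call does not come up with SRTP keys installed, would pin the failure behaviour. Whether `call_base_with_configfile` checks which suite was negotiated is not visible here; if it does not, the test passes as long as any SRTP call succeeds. The comment above the test should read `caller and callee do not have`.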
......
...@@ -4,6 +4,7 @@ sip_tcp_port=-1 ...@@ -4,6 +4,7 @@ sip_tcp_port=-1
sip_tls_port=-1 sip_tls_port=-1
default_proxy=0 default_proxy=0
ping_with_options=0 ping_with_options=0
srtp_crypto_suites=AES_256_CM_HMAC_SHA1_80
[auth_info_0] [auth_info_0]
username=laure username=laure
......