Commit 3e0ee98f authored by johan's avatar johan

DTLS-SRTP code cleaning

+ add check on peer fingerprint
parent 39f32514
......@@ -43,15 +43,48 @@ typedef struct MSDtlsSrtpParams {
MSDtlsSrtpRole role; /**< Unset(at caller init, role is then choosen by responder but we must still be able to receive packets) */
} MSDtlsSrtpParams;
/* an opaque structure containing all context data needed by DTLS-SRTP */
typedef struct _MSDtlsSrtpContext MSDtlsSrtpContext;
/**
* check if DTLS-SRTP is available
* @return TRUE if it is available, FALSE if not
*/
MS2_PUBLIC bool_t ms_dtls_srtp_available(void);
/**
* Create an initialise a DTLS-SRTP context
* @param[in] sessions A link to the stream sessions structures, used to get rtp session to add transport modifier and needed to set SRTP sessions when keys are ready
* @param[in] params Self certificate and private key to be used for this session. Role (client/server) may be given but can be set later
* @return a pointer to the opaque context structure needed by DTLS-SRTP
*/
MS2_PUBLIC MSDtlsSrtpContext* ms_dtls_srtp_context_new(struct _MSMediaStreamSessions *sessions, MSDtlsSrtpParams *params);
/**
* Start the DTLS-SRTP channel: send DTLS ClientHello if we are client
* @param[in/out] context the DTLS-SRTP context
*/
MS2_PUBLIC void ms_dtls_srtp_start(MSDtlsSrtpContext* context);
/**
* Free ressources used by DTLS-SRTP context
* @param[in/out] context the DTLS-SRTP context
*/
MS2_PUBLIC void ms_dtls_srtp_context_destroy(MSDtlsSrtpContext *ctx);
/**
* Set DTLS role: server or client, called when SDP exchange reach the point where we can determine self role
* @param[in/out] context the DTLS-SRTP context
* @param[in] role Client/Server/Invalid/Unset according to SDP INVITE processing
*/
MS2_PUBLIC void ms_dtls_srtp_set_role(MSDtlsSrtpContext *context, MSDtlsSrtpRole role);
/**
* Give to the DTLS-SRTP context the peer certificate fingerprint extracted from trusted SDP INVITE,
* it will be compared(case insensitive) with locally computed one after DTLS handshake is completed successfully and peer certicate retrieved
* @param[in/out] context the DTLS-SRTP context
* @param[in] peer_fingerprint a null terminated string containing the peer certificate as found in the SDP INVITE(including the heading hash algorithm name)
*/
MS2_PUBLIC void ms_dtls_srtp_set_peer_fingerprint(MSDtlsSrtpContext *context, const char *peer_fingerprint);
#ifdef __cplusplus
......
......@@ -65,10 +65,7 @@ typedef struct _DtlsRawPacket {
#define DTLS_STATUS_CONTEXT_NOT_READY 0
#define DTLS_STATUS_CONTEXT_READY 1
#define DTLS_STATUS_ON_GOING_HANDSHAKE 2
#define DTLS_STATUS_HANDSHAKE_OVER 3
#define DTLS_STATUS_RTCP_HANDSHAKE_ONGOING 4
#define DTLS_STATUS_RTCP_HANDSHAKE_OVER 5
#define DTLS_STATUS_HANDSHAKE_OVER 2
#define READ_TIMEOUT_MS 1000
......@@ -83,8 +80,8 @@ struct _MSDtlsSrtpContext{
DtlsPolarsslContext *rtp_dtls_context; /**< a structure containing all contexts needed by polarssl for RTP channel */
DtlsPolarsslContext *rtcp_dtls_context; /**< a structure containing all contexts needed by polarssl for RTCP channel */
uint8_t rtp_channel_status; /**< channel status : DTLS_STATUS_CONTEXT_NOT_READY, DTLS_STATUS_CONTEXT_READY, DTLS_STATUS_ON_GOING_HANDSHAKE, DTLS_STATUS_HANDSHAKE_OVER */
uint8_t rtcp_channel_status; /**< channel status : DTLS_STATUS_CONTEXT_NOT_READY, DTLS_STATUS_CONTEXT_READY, DTLS_STATUS_ON_GOING_HANDSHAKE, DTLS_STATUS_HANDSHAKE_OVER */
uint8_t rtp_channel_status; /**< channel status : DTLS_STATUS_CONTEXT_NOT_READY, DTLS_STATUS_CONTEXT_READY, DTLS_STATUS_HANDSHAKE_OVER */
uint8_t rtcp_channel_status; /**< channel status : DTLS_STATUS_CONTEXT_NOT_READY, DTLS_STATUS_CONTEXT_READY, DTLS_STATUS_HANDSHAKE_OVER */
DtlsRawPacket *rtp_incoming_buffer; /**< buffer of incoming DTLS packet to be read by polarssl callback */
DtlsRawPacket *rtcp_incoming_buffer; /**< buffer of incoming DTLS packet to be read by polarssl callback */
......@@ -681,7 +678,13 @@ bool_t ms_dtls_srtp_available(){return TRUE;}
void ms_dtls_srtp_set_peer_fingerprint(MSDtlsSrtpContext *context, const char *peer_fingerprint) {
if (context) {
memcpy(context->peer_fingerprint, peer_fingerprint, strlen(peer_fingerprint));
size_t peer_fingerprint_length = strlen(peer_fingerprint)+1; // include the null termination
if (peer_fingerprint_length>sizeof(context->peer_fingerprint)) {
memcpy(context->peer_fingerprint, peer_fingerprint, sizeof(context->peer_fingerprint));
ms_error("DTLS-SRTP received from SDP INVITE a peer fingerprint %d bytes length wich is longer than maximum storage %d bytes", (int)peer_fingerprint_length, (int)sizeof(context->peer_fingerprint));
} else {
memcpy(context->peer_fingerprint, peer_fingerprint, peer_fingerprint_length);
}
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment